Short Name |
HTTP:MISC:SAP-ITS-INFO-DISC |
---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
SAP Internet Transaction Server Information Disclosure |
Release Date |
2013/05/02 |
Update Number |
2259 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in the SAP Internet Transaction Server. A successful attack can lead to unauthorized information disclosure.
A vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information.