Signature Detail
Short Name |
HTTP:MISC:SAP-ITS-INFO-DISC |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
SAP Internet Transaction Server Information Disclosure |
Release Date |
2013/05/02 |
Update Number |
2259 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: SAP Internet Transaction Server Information Disclosure
This signature detects attempts to exploit a known vulnerability in the SAP Internet Transaction Server. A successful attack can lead to unauthorized information disclosure.
Extended Description
A vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information.
Affected Products
- SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011
References
- BugTraq: 8515
- BugTraq: 8516
- CVE: CVE-2003-0747
- CVE: CVE-2003-0748