Intrusion Prevention

SAP.Internet.Server.Directory.Traversal

Description

It indicates an attacker attempted to exploit a Directory Traversal attack against Sap Internet Server. The SAP Internet Transaction server is vulnerable to multiple Directory Traversal attacks because of insufficient verification of user supplied input. An attacker can supply (../) sequences to the end of .html extensions to read files in sensitive locations.

Affected Products

SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011

Impact

Information Leakage

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2003-0748