Intrusion Prevention

SAP.ITS.WGate.Trace.Level.Logging.Format.String

Description

It indicates an attacker attempted to exploit a String Format vulnerability against SAP ITS Wgate. SAP ITS WGate contains a String Format vulnerability in the trace login plugin. It can be exploited to execute arbitrary code.

Affected Products

Linux: Linux Any version
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows NT Any version
SAP: SAP Internet Transaction Server (ITS) prior to 4.6 PL463
SAP: SAP Internet Transaction Server (ITS) prior to 6.10 PL30
SAP: SAP Internet Transaction Server (ITS) prior to 6.20 PL7

Impact

The execution of arbitrary code on the system.

Recommended Actions

Apply appropriate patch at http://www.sap.com/.

CVE References

CVE-2003-1037

Other References

1