Intrusion Prevention

SAP.ITS.AGate.Path.Disclosure

Description

This indicates a possible attempt to exploit an information disclosure vulnerability in SAP Internet Transaction Server (ITS).


SAP Internet Transaction Server (ITS) is an interface used to integrate SAP software with the Internet on Microsoft Windows, Linux, and Unix-based operating systems. SAP ITS versions prior to 6.20 PL7, 6.10 PL30, and 4.6 PL463 could allow a remote attacker to obtain sensitive information because of a vulnerability in the AGate component. A remote attacker could send a specially crafted URL containing ~command=AgateInstallCheck to cause the server to disclose the installation path and the version numbers of installed DLL files.
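
For reviewing web server access logs for the request described above, the following is an added example, not part of the original signature description or any vendor tooling. It assumes Common/Combined Log Format; the function names, the /PLACEHOLDER/ path and the log lines are constructed for illustration, and matching case-insensitively after repeated percent-decoding is a conservative choice made here rather than documented ITS behaviour.

```python
import re
from urllib.parse import unquote

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Parameter named in the description; case-insensitive by choice (assumption)
PROBE_RE = re.compile(r'~command=agateinstallcheck', re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: enough to undo nested percent-encoding


def fully_decode(target):
    """Percent-decode repeatedly so %7E and %257E both end up as '~'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_probes(log_lines):
    """Return (client_ip, decoded_target) for each request carrying the parameter."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        decoded = fully_decode(match.group('target'))
        if PROBE_RE.search(decoded):
            hits.append((line.split(' ', 1)[0], decoded))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder path)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /PLACEHOLDER/?~command=AgateInstallCheck HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /PLACEHOLDER/?%7Ecommand=agateinstallcheck HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /PLACEHOLDER/?%257ecommand%3DAgateInstallCheck HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /PLACEHOLDER/?~command=login HTTP/1.1" 200 1024',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == '__main__':
    for ip, target in find_probes(SAMPLE_LOG):
        print(f'{ip} requested {target}')
```

A hit with a 200 response on an unpatched version means the installation path and DLL versions were likely returned to that client.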


Affected Products

SAP ITS versions prior to 6.20 PL7, 6.10 PL30, and 4.6 PL463

Impact

Compromise of the affected system.

Recommended Actions

Apply the appropriate patch from the vendor, if available.

CVE References

CVE-2003-1038