Search...

CVE-2003-0747

2003-10-20T04:00:00

ID CVE-2003-0747
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:29:00

Description

wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.

JSON Vulners Source

Initial Source

{"id": "CVE-2003-0747", "bulletinFamily": "NVD", "title": "CVE-2003-0747", "description": "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.", "published": "2003-10-20T04:00:00", "modified": "2017-07-11T01:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0747", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/8515", "https://exchange.xforce.ibmcloud.com/vulnerabilities/13063", "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html"], "cvelist": ["CVE-2003-0747"], "type": "cve", "lastseen": "2019-05-29T18:07:57", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "ecfd4c8b098062dac9047cdaecddb8fa"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "664259abc5a9a8b9c776fa2b99e4b71b"}, {"key": "cpe23", "hash": "da37a4178341dd4ce9525ca9ae7cc192"}, {"key": "cvelist", "hash": "2bbeca637c89aa0b2424061dd417e304"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "8c1a696f9f8a446e18b069381e89f709"}, {"key": "href", "hash": "442753e152081a89c6810a17bf76b337"}, {"key": "modified", "hash": "0570c0ae817ff4e1462c3ba2dbea4266"}, {"key": "published", "hash": "4f5cd6074ed2eba5765523ea36930963"}, {"key": "references", "hash": "26f88d8e0c8473778a45aab001255594"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5cfa4ca1195a82067e49d35912372309"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "a351a26f0b9e67d5ccb2dbb622bb48854dd38f717e583918aac6a994db8956b6", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:23069"]}, {"type": "osvdb", "idList": ["OSVDB:6450"]}], "modified": "2019-05-29T18:07:57"}, "score": {"value": 5.7, "vector": "NONE", "modified": "2019-05-29T18:07:57"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:sap:internet_transaction_server:4620.2.0.323011"], "affectedSoftware": [{"name": "sap internet_transaction_server", "operator": "eq", "version": "4620.2.0.323011"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.sap.com/\n[Secunia Advisory ID:9637](https://secuniaresearch.flexerasoftware.com/advisories/9637/)\n[Related OSVDB ID: 10285](https://vulners.com/osvdb/OSVDB:10285)\n[Related OSVDB ID: 2499](https://vulners.com/osvdb/OSVDB:2499)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html\nISS X-Force ID: 13063\n[CVE-2003-0747](https://vulners.com/cve/CVE-2003-0747)\nBugtraq ID: 8515\n", "modified": "2003-08-30T00:00:00", "published": "2003-08-30T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6450", "id": "OSVDB:6450", "type": "osvdb", "title": "SAP Internet Transaction Server wgate.dll Multiple Parameter Information Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-02T20:11:52", "bulletinFamily": "exploit", "description": "SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability. CVE-2003-0747 . Remote exploits for multiple platform", "modified": "2003-08-30T00:00:00", "published": "2003-08-30T00:00:00", "id": "EDB-ID:23069", "href": "https://www.exploit-db.com/exploits/23069/", "type": "exploitdb", "title": "SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/8515/info\r\n\r\nA vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information. \r\n\r\nhttp://www.server.name/scripts/wgate/pbw2/!?\r\n\r\nwith params:\r\n~runtimemode=DM&\r\n~language=en&\r\n~theme=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx& ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23069/"}]}