ID CVE-2003-0747 Type cve Reporter NVD Modified 2017-07-10T21:29:35
Description
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
{"id": "CVE-2003-0747", "bulletinFamily": "NVD", "title": "CVE-2003-0747", "description": "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.", "published": "2003-10-20T00:00:00", "modified": "2017-07-10T21:29:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0747", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/8515", "https://exchange.xforce.ibmcloud.com/vulnerabilities/13063", "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html"], "cvelist": ["CVE-2003-0747"], "type": "cve", "lastseen": "2017-07-11T11:14:18", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:sap:internet_transaction_server:4620.2.0.323011"], "cvelist": ["CVE-2003-0747"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.", "edition": 1, "enchantments": {}, "hash": "0a6cd2020cac22c8d431cbc5ede454f59fd5a9bdfd7d421d417ebb127ca29520", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "664259abc5a9a8b9c776fa2b99e4b71b", "key": "cpe"}, {"hash": "2bbeca637c89aa0b2424061dd417e304", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "442753e152081a89c6810a17bf76b337", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "0ffde7303a55067a1cd1eda4baef0ce1", "key": "references"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0da6b4a91c4ec9fc50f23e67197f5caf", "key": "published"}, {"hash": "5cfa4ca1195a82067e49d35912372309", "key": "title"}, {"hash": "9248cef461dbf412935b92cbcbab67ea", "key": "modified"}, {"hash": "8c1a696f9f8a446e18b069381e89f709", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0747", "id": "CVE-2003-0747", "lastseen": "2016-09-03T04:03:38", "modified": "2008-09-05T16:35:08", "objectVersion": "1.2", "published": "2003-10-20T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/13063", "http://www.securityfocus.com/bid/8515", "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2003-0747", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:03:38"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "664259abc5a9a8b9c776fa2b99e4b71b"}, {"key": "cvelist", "hash": "2bbeca637c89aa0b2424061dd417e304"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "8c1a696f9f8a446e18b069381e89f709"}, {"key": "href", "hash": "442753e152081a89c6810a17bf76b337"}, {"key": "modified", "hash": "412aac21f85d3d7b61545fefb42a241f"}, {"key": "published", "hash": "0da6b4a91c4ec9fc50f23e67197f5caf"}, {"key": "references", "hash": "26f88d8e0c8473778a45aab001255594"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5cfa4ca1195a82067e49d35912372309"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "5400fb7d87345833d3319eb1bdeaa561aba146b9cb08066b9e6ad56644c01eda", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-07-11T11:14:18"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:23069"]}, {"type": "osvdb", "idList": ["OSVDB:6450"]}], "modified": "2017-07-11T11:14:18"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:sap:internet_transaction_server:4620.2.0.323011"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-02T20:11:52", "bulletinFamily": "exploit", "description": "SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability. CVE-2003-0747 . Remote exploits for multiple platform", "modified": "2003-08-30T00:00:00", "published": "2003-08-30T00:00:00", "id": "EDB-ID:23069", "href": "https://www.exploit-db.com/exploits/23069/", "type": "exploitdb", "title": "SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/8515/info\r\n\r\nA vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information. \r\n\r\nhttp://www.server.name/scripts/wgate/pbw2/!?\r\n\r\nwith params:\r\n~runtimemode=DM&\r\n~language=en&\r\n~theme=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx& ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23069/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.sap.com/\n[Secunia Advisory ID:9637](https://secuniaresearch.flexerasoftware.com/advisories/9637/)\n[Related OSVDB ID: 10285](https://vulners.com/osvdb/OSVDB:10285)\n[Related OSVDB ID: 2499](https://vulners.com/osvdb/OSVDB:2499)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html\nISS X-Force ID: 13063\n[CVE-2003-0747](https://vulners.com/cve/CVE-2003-0747)\nBugtraq ID: 8515\n", "modified": "2003-08-30T00:00:00", "published": "2003-08-30T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6450", "id": "OSVDB:6450", "type": "osvdb", "title": "SAP Internet Transaction Server wgate.dll Multiple Parameter Information Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
