Directory Traversal Vulnerability in SAP Internet Transaction Server
CVE-2003-0748

Currently unrated

Key Information:

Vendor

SAP

Vendor
CVE Published:
20 October 2003

What is CVE-2003-0748?

The vulnerability in the SAP Internet Transaction Server's wgate.dll allows for a directory traversal attack. By manipulating the ~theme and ~template parameters with dot-dot backslash sequences, attackers can read arbitrary files on the server. This exploitation may occur because the server fails to append a .html extension to file names ending with space characters, thereby enabling unauthorized access to sensitive information.

References

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.