Directory Traversal Vulnerability in SAP Internet Transaction Server
CVE-2003-0748
Currently unrated
What is CVE-2003-0748?
The vulnerability in the SAP Internet Transaction Server's wgate.dll allows for a directory traversal attack. By manipulating the ~theme and ~template parameters with dot-dot backslash sequences, attackers can read arbitrary files on the server. This exploitation may occur because the server fails to append a .html extension to file names ending with space characters, thereby enabling unauthorized access to sensitive information.