Format String Vulnerability in SAP Internet Transaction Server
CVE-2003-1037

Currently unrated

Key Information:

Vendor: SAP
Status: Internet Transaction Server
Vendor: CVE Published:; 15 April 2004

What is CVE-2003-1037?

A format string vulnerability in the WGate component of the SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code through manipulation of the 'trace level' parameter. By carefully crafting requests with elevated trace levels, an attacker could exploit this flaw to compromise system integrity and potentially control affected systems.

References

http://www.phenoelit.de/stuff/Phenoelit20c3.pd

x_refsource_MISC

http://securitytracker.com/id?1009453

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/15514

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004