Information Disclosure Vulnerability in SAP Internet Transaction Server AGate Component
CVE-2003-1038

Currently unrated

Key Information:

Vendor: SAP
Status: Internet Transaction Server
Vendor: CVE Published:; 15 April 2004

What is CVE-2003-1038?

The AGate component of SAP's Internet Transaction Server (ITS) is susceptible to an information disclosure vulnerability that allows remote attackers to gain access to sensitive information. By manipulating the ~command parameter with an AgateInstallCheck value, an attacker can retrieve a list of installed dynamic-link libraries (DLLs) along with their full pathnames. This leakage of internal system paths can aid malicious entities in launching further attacks.

References

http://www.phenoelit.de/stuff/Phenoelit20c3.pd

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/15516

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004