Information Disclosure Vulnerability in SAP Internet Transaction Server AGate Component
CVE-2003-1038
Currently unrated
What is CVE-2003-1038?
The AGate component of SAP's Internet Transaction Server (ITS) is susceptible to an information disclosure vulnerability that allows remote attackers to gain access to sensitive information. By manipulating the ~command parameter with an AgateInstallCheck value, an attacker can retrieve a list of installed dynamic-link libraries (DLLs) along with their full pathnames. This leakage of internal system paths can aid malicious entities in launching further attacks.