Information Disclosure Vulnerability in SAP Internet Transaction Server AGate Component
CVE-2003-1038

Currently unrated

Key Information:

Vendor

SAP

Vendor
CVE Published:
15 April 2004

What is CVE-2003-1038?

The AGate component of SAP's Internet Transaction Server (ITS) is susceptible to an information disclosure vulnerability that allows remote attackers to gain access to sensitive information. By manipulating the ~command parameter with an AgateInstallCheck value, an attacker can retrieve a list of installed dynamic-link libraries (DLLs) along with their full pathnames. This leakage of internal system paths can aid malicious entities in launching further attacks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.