header-logo
Suggest Exploit
vendor:
Internet Transaction Server (SITS)
by:
SecurityFocus
5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Internet Transaction Server (SITS)
Affected Version From: SAP Internet Transaction Server (SITS)
Affected Version To: SAP Internet Transaction Server (SITS)
Patch Exists: YES
Related CWE: CVE-2002-0753
CPE: a:sap:internet_transaction_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Information Disclosure in SAP Internet Transaction Server (SITS)

SAP Internet Transaction Server (SITS) is vulnerable to an information disclosure attack due to the server disclosing sensitive local filesystem information when handling malformed requests. An attacker can submit a request containing invalid values and receive an error response message in return, which may contain sensitive information.

Mitigation:

SAP has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8515/info

A vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information. 

http://www.server.name/scripts/wgate/pbw2/!?

with params:
~runtimemode=DM&
~language=en&
~theme=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&

Navigation

Suggest Exploit

Services By CQR