| VID |
21660 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A SAP IGS seems to be running on the host and is vulnerable to a directory traversal attack. SAP R3 is a popular application package encompassing several different components serving various business functions. The Internet Graphics Server (IGS) is a subcomponent of the SAP R/3 enterprise environment, which is accessible over HTTP via a minimalist web server component. SAP R/3 versions prior to 6.40 Patch 11 are vulnerable to a directory traversal vulnerability, caused by an input validation error in the SAP Internet Graphics Server when processing document paths. By sending a specially-crafted document path containing "dot dot" sequences (/../), a remote attacker could read arbitrary files outside of the web root directory with the privileges of the Web service.
* References:
http://secunia.com/advisories/16208/
http://www.corsaire.com/advisories/c050503-001.txt
http://www.uniras.gov.uk/niscc/docs/re-20050725-00622.pdf?lang=en
http://online.securityfocus.com/archive/1/406375/30/0/threaded
http://www.frsirt.com/english/advisories/2005/1206
* Platforms Affected:
SAP R/3 versions prior to 6.40 Patch 11
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of SAP IGS software (6.40 Patch 11 or later), available from the SAP R/3 Web site at http://www.sap.com/solutions/index.epx |
| Related URL |
CVE-2005-1691 (CVE) |
| Related URL |
14369 (SecurityFocus) |
| Related URL |
21548 (ISS) |
|
