CVE-2003-1036

Properties

Published:
14.04.2004
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
SAP: Internet Transaction Server
SAP: Internet Transaction Server
SAP: Internet Transaction Server

Vulnerability description

Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.

References:

ISS X-Force: http://xforce.iss.net/xforce/xfdb/14186
MISC: http://www.phenoelit.de/stuff/Phenoelit20c3.pd