Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP Internet Transaction Server远程目录遍历漏洞
Vulnerability Description
SAP Internet Transaction Server (ITS)是一款基于Internet的事务服务程序。 SAO ITS服务器由于应用程序错误的解析用户请求和没有正确进行边界缓冲区检查,远程攻击者可以利用这个漏洞访问部分文件源代码或WEB ROOT之外的文件信息。 通过提供特殊构建的输入给"~theme"和"~template"参数,如提交包含多个'..\..'字符给"~theme"参数,提交包含超长字符串的文件名给"~template"参数就可以绕过应用程序对文件的正确解析,泄露请求的文件内
CVSS Information
N/A
Vulnerability Type
N/A