CVE-2003-0747

Name of the Vulnerable Software and Affected Versions: SAP Internet Transaction Server (ITS) version 4620.2.0.323011

Description: The issue allows remote attackers to obtain potentially sensitive information, such as directory structure and operating system, via incorrect parameters. The parameters ~service, ~templatelanguage, ~language, ~theme, or ~template can leak information in the resulting error message.

Recommendations: For SAP Internet Transaction Server (ITS) version 4620.2.0.323011, consider restricting access to the wgate.dll module to minimize the risk of exploitation. Avoid using the parameters ~service, ~templatelanguage, ~language, ~theme, or ~template in a way that could lead to information leakage until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.