CVE-2003-0748

Name of the Vulnerable Software and Affected Versions: SAP Internet Transaction Server (ITS) version 4620.2.0.323011

Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using .. (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters. The space characters can prevent the effective addition of a .html extension to the filename, facilitating the attack.

Recommendations: For SAP Internet Transaction Server (ITS) version 4620.2.0.323011, consider restricting access to the wgate.dll file as a temporary workaround until a patch is available. Avoid using the ~theme and ~template parameters with filenames that could be manipulated to include space characters or .. sequences.