Preemptive Protection against SAP Internet Graphics Server Input Validation Vulnerability
| Attack ID: | CPAI-2005-110 |
| Publish Date: | |
| Category: | Directory Traversal |
| Vulnerable Systems: | SAP Internet Graphics Server prior to version 6.40 Patch 11 |
| Source: | SecurityTracker Alert ID: 1014568 |
| Description: | The SAP Internet Graphics Server (IGS) is used in conjunction with SAP R/3 software and renders graphics to a device-dependent format. The server is affected by a directory traversal vulnerability, which can be exploited by remote attackers to access files outside of the permitted directory structure. |
| Severity: | |
| Details: | A remote attacker can supply a specially crafted request containing '../..' directory traversal characters to view files on the target system that are located outside of the web document directory. |
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra who have applied the solution outlined below will identify attack attempts by the following SmartView Log entry: Information: reason: WSE0090001 directory traversal overflow |
| Solution: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra who have applied the solution outlined in CPAI-2005-25 are preemptively protected against this vulnerability. |
| Industry Reference: | CAN-2005-1691 |
| Additional Information: | |
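
The kind of check behind a "directory traversal" log entry can be sketched as follows. This is an added example, not Check Point's or SAP's code: it flags request targets whose '..' segments climb above the starting directory, including percent-encoded and backslash forms. The sample request targets and the decode limit are constructed assumptions, not real SAP IGS URLs.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of percent-encoding to unwrap


def climbs_out(value: str) -> bool:
    """True if '..' segments take the value above its starting directory."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    depth = 0
    for segment in value.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def is_traversal(request_target: str) -> bool:
    """Check the URL path and every query parameter value."""
    parts = urlsplit(request_target)
    values = [parts.path]
    values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return any(climbs_out(v) for v in values)


# Constructed sample request targets (not real SAP IGS URLs).
SAMPLES = [
    "/img/logo/../banner.gif",
    "/img/../../etc/passwd",
    "/img/%252e%252e/%252e%252e/etc/passwd",
    "/render?file=..%5c..%5cboot.ini",
    "/render?file=charts/q1.png",
]


def flagged(targets):
    return [t for t in targets if is_traversal(t)]


if __name__ == "__main__":
    for target in flagged(SAMPLES):
        print("traversal:", target)
```

Counting depth rather than matching the string '../' keeps harmless paths such as `/img/logo/../banner.gif` from being flagged while still catching encoded variants.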