SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
BID:21449
Info
SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
| Bugtraq ID: | 21449 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 05 2006 12:00AM |
| Updated: | Dec 05 2006 08:39PM |
| Credit: | Mariano Nuñez Di Croce is credited with the discovery of this issue. |
| Vulnerable: |
SAP Internet Graphics Service 7.00 Patch 6 SAP Internet Graphics Service 7.00 Patch 5 SAP Internet Graphics Server 6.40 Patch 11 SAP Internet Graphics Server 6.40 SAP Internet Graphics Server 7.00 Patch 4 SAP Internet Graphics Server 7.00 Patch 3 SAP Internet Graphics Server 7.00 Patch 2 SAP Internet Graphics Server 6.40 Patch 16 SAP Internet Graphics Server 6.40 Patch 15 SAP Internet Graphics Server 6.40 Patch 14 SAP Internet Graphics Server 6.40 Patch 13 SAP Internet Graphics Server 6.40 Patch 12 |
| Not Vulnerable: |
SAP Internet Graphics Service 7.00 Patch 7 SAP Internet Graphics Service 6.40 Patch 17 |
Discussion
SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
SAP Internet Graphics Service (IGS) is prone to an unspecified directory-traversal vulnerability.
An attacker can exploit this issue to remove arbitrary files on the SAP IGS filesystem.
Versions 6.40 prior to patch 17 and 7.00 prior to patch 7 are vulnerable.
NOTE: This issue affects IGS only when running on UNIX computers.
SAP Internet Graphics Service (IGS) is prone to an unspecified directory-traversal vulnerability.
An attacker can exploit this issue to remove arbitrary files on the SAP IGS filesystem.
Versions 6.40 prior to patch 17 and 7.00 prior to patch 7 are vulnerable.
NOTE: This issue affects IGS only when running on UNIX computers.
Exploit / POC
SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
Solution:
The vendor has released patches to address this issue; please contact the vendor for information on how to obtain and apply these patches. See the references for more information.
Solution:
The vendor has released patches to address this issue; please contact the vendor for information on how to obtain and apply these patches. See the references for more information.
References
SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
References:
References:
- SAP Homepage (SAP)
- CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbit (Mariano Nuñez Di Croce )