Proof-of-concept code is publicly available, increasing the likelihood of an exploit attempt. The code provides examples of each type of attack that may be performed against the system.
The code designed to exploit the information disclosure vulnerability creates several error messages that disclose operating system information, software versions, and the directory structure of the targeted server. The vulnerability can be exploited within the following parameters:
An attacker could view files by submitting a malicious request that contains the targeted file in one of the following parameters:
Targeted files are concatenated with a long string of spaces. The published proof-of-concept code uses this attack to display the contents of the global.srvc file. This file contains the Data Encryption Standard (DES)-encrypted password and username.
Due to a lack of proper input and output validation, an attacker could insert HTML scripting tags. Cookies are used heavily in the SAP Internet Transaction Server, and cross-site scripting attacks could allow an attacker to retrieve these cookies. Proof-of-concept code obtains cookies using the ~service parameter.
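For defenders reviewing web server logs, the two request patterns described above (a parameter value padded with a long run of spaces, and HTML tags in a parameter such as ~service) can be flagged with a short script. This is an added example, not code from the advisory or from the published proof of concept. It assumes common-log-format lines and that ITS requests arrive under /scripts/wgate; the 20-space threshold, the parameter name `item`, and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SPACE_RUN = 20  # assumed threshold: this many consecutive spaces counts as padding
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")               # any HTML-like tag
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request field

# Constructed sample lines (not real traffic). "item" is a hypothetical
# parameter name; the advisory's own parameter list is not reproduced here.
SAMPLE_LOG = [
    '192.0.2.10 - - [-] "GET /scripts/wgate?~service=demo HTTP/1.0" 200 512',
    '192.0.2.11 - - [-] "GET /scripts/wgate?~service=%3Cb%3Etest%3C%2Fb%3E HTTP/1.0" 200 700',
    '192.0.2.12 - - [-] "GET /scripts/wgate?item=example.txt' + "%20" * 40 + ' HTTP/1.0" 200 900',
    '192.0.2.13 - - [-] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 100',
]

def classify(log_line):
    """Return sorted findings for one access-log line; [] means nothing flagged."""
    m = REQ_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().startswith("/scripts/wgate"):
        return []  # only the ITS gateway path named in the advisory is inspected
    findings = set()
    # parse_qsl percent-decodes each value and turns '+' into a space,
    # so encoded padding and encoded tags are seen in decoded form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if " " * SPACE_RUN in value:
            findings.add("space-padding:" + name)
        if TAG_RE.search(value):
            findings.add("html-tag:" + name)
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = classify(line)
        if found:
            hits.append((n, found))
    return hits

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG):
        print(n, ", ".join(found))
```

Access logs normally record only the request line, so parameters sent in a POST body are not visible to this check.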
Buffer overflow vulnerabilities have been identified in the following functions:
Additionally, there is a buffer overflow vulnerability in the processing of the HTTP Content-Type field.
Because of these overflow vulnerabilities, it is possible for a remote user to execute arbitrary code on the system.
The information leak is in /scripts/wgate. The vulnerability allows an attacker to obtain a list of all dynamic-link libraries on the system, along with their location and version numbers.