SAP Internet Graphics Server (IGS) Directory Traversal Vulnerability

Medium severity, Nessus Plugin ID 19298

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

The version of SAP Internet Graphics Server (IGS) installed on the remote host is affected by a directory traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP GET request, to access arbitrary files on the remote host with the privileges of the web server process.

Solution

Upgrade to SAP IGS version 6.40 Patch 11 or later.

See Also

http://www.nessus.org/u?d1abf66b

https://seclists.org/bugtraq/2005/Jul/411

Plugin Details

Severity: Medium

ID: 19298

File Name: sap_igs_dir_traversal.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 7/25/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sap:sap_r_3

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 7/25/2005

Reference Information

CVE: CVE-2005-1691

BID: 14369