CVE-2003-0747

SAP ITS 4620.2.0.323011 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0747. PoCs published by Martin Eiszner.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in SAP Internet Transaction Server (SITS) by sending a malformed request with invalid parameters, causing the server to disclose sensitive filesystem information in the error response.

Description

wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Martin Eiszner · textremotemultiple
https://www.exploit-db.com/exploits/23069

This exploit demonstrates an information leakage vulnerability in SAP Internet Transaction Server (SITS) by sending a malformed request with invalid parameters, causing the server to disclose sensitive filesystem information in the error response.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SAP Internet Transaction Server (SITS)
No auth needed
Prerequisites: Network access to the target SAP ITS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8515
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13063

Scores

EPSS 0.0284
EPSS Percentile 84.8%

Details

Status published
Products (1)
sap/internet_transaction_server 4620.2.0.323011
Published Oct 20, 2003
Tracked Since Feb 18, 2026