Vulnerabilities > CVE-2006-6345 - Directory Traversal vulnerability in SAP Internet Graphics Service
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/23262
- http://securityreason.com/securityalert/1986
- http://securitytracker.com/id?1017342
- http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf
- http://www.securityfocus.com/archive/1/453561/100/0/threaded
- http://www.securityfocus.com/bid/21449
- http://www.vupen.com/english/advisories/2006/4863
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30765