CVE-2006-4899
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.24 Low
EPSS
Percentile
96.6%
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a “'” (single quote) in the PIProfile function, which leaks the path in an error message.
Affected configurations
References
secunia.com/advisories/22023
securitytracker.com/id?1016910
users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
www.osvdb.org/29009
www.securityfocus.com/archive/1/446611/100/0/threaded
www.securityfocus.com/archive/1/446716/100/0/threaded
www.securityfocus.com/bid/20139
www.vupen.com/english/advisories/2006/3738
www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
exchange.xforce.ibmcloud.com/vulnerabilities/29102
Social References
More
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.24 Low
EPSS
Percentile
96.6%