Lucene search

[email protected]NVD:CVE-2006-0704

HistoryFeb 15, 2006 - 11:06 a.m.

CVE-2006-0704

2006-02-1511:06:00

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.007

Percentile

79.6%

JSON

iE Integrator 4.4.220114, when configured without a “bespoke error page” in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.

Affected configurations

Nvd

Node

ieie_integratorMatch4.4.220114

VendorProductVersionCPE
ieie_integrator4.4.220114cpe:2.3:a:ie:ie_integrator:4.4.220114:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ie	ie_integrator	4.4.220114	cpe:2.3:a:ie:ie_integrator:4.4.220114:::::::*

References

secunia.com/advisories/18813

www.irmplc.com/advisory016.htm

www.vupen.com/english/advisories/2006/0568

exchange.xforce.ibmcloud.com/vulnerabilities/24714

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.007

Percentile

79.6%

JSON

Related for NVD:CVE-2006-0704

prion1 cvelist1 cve1