CVE-2006-4899
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
97.4%
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a “'” (single quote) in the PIProfile function, which leaks the path in an error message.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| broadcom | etrust_security_command_center | 1.0 | cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:* |
| broadcom | etrust_security_command_center | 8 | cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:* |
| broadcom | etrust_security_command_center | 8 | cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:* |
| broadcom | etrust_security_command_center | 8 | cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:* |
References
secunia.com/advisories/22023
securitytracker.com/id?1016910
users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
www.osvdb.org/29009
www.securityfocus.com/archive/1/446611/100/0/threaded
www.securityfocus.com/archive/1/446716/100/0/threaded
www.securityfocus.com/bid/20139
www.vupen.com/english/advisories/2006/3738
www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
exchange.xforce.ibmcloud.com/vulnerabilities/29102
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
97.4%