Vulnerability Description
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ie | Ie Integrator | 4.4.220114 |
References
- http://secunia.com/advisories/18813Vendor Advisory
- http://www.irmplc.com/advisory016.htmVendor Advisory
- http://www.vupen.com/english/advisories/2006/0568
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24714
- http://secunia.com/advisories/18813Vendor Advisory
- http://www.irmplc.com/advisory016.htmVendor Advisory
- http://www.vupen.com/english/advisories/2006/0568
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24714
FAQ
What is CVE-2006-0704?
CVE-2006-0704 is a vulnerability with a CVSS score of 2.6 (LOW). iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the int...
How severe is CVE-2006-0704?
CVE-2006-0704 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0704?
Check the references section above for vendor advisories and patch information. Affected products include: Ie Ie Integrator.