Vulnerability Description
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Etrust Security Command Center | 1.0 |
References
- http://secunia.com/advisories/22023ExploitPatchVendor Advisory
- http://securitytracker.com/id?1016910
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txtExploitPatchVendor Advisory
- http://www.osvdb.org/29009
- http://www.securityfocus.com/archive/1/446611/100/0/threaded
- http://www.securityfocus.com/archive/1/446716/100/0/threaded
- http://www.securityfocus.com/bid/20139
- http://www.vupen.com/english/advisories/2006/3738
- http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=20
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29102
- http://secunia.com/advisories/22023ExploitPatchVendor Advisory
- http://securitytracker.com/id?1016910
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txtExploitPatchVendor Advisory
- http://www.osvdb.org/29009
FAQ
What is CVE-2006-4899?
CVE-2006-4899 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (si...
How severe is CVE-2006-4899?
CVE-2006-4899 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4899?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Etrust Security Command Center.