Vulnerability Description
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Etrust Security Command Center | 8 |
References
- http://secunia.com/advisories/22023ExploitPatchVendor Advisory
- http://securitytracker.com/id?1016910
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txtExploitPatchVendor Advisory
- http://www.osvdb.org/29010ExploitPatch
- http://www.securityfocus.com/archive/1/446611/100/0/threaded
- http://www.securityfocus.com/archive/1/446716/100/0/threaded
- http://www.securityfocus.com/bid/20139
- http://www.vupen.com/english/advisories/2006/3738
- http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=20ExploitPatchVendor Advisory
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29104
- http://secunia.com/advisories/22023ExploitPatchVendor Advisory
- http://securitytracker.com/id?1016910
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txtExploitPatchVendor Advisory
- http://www.osvdb.org/29010ExploitPatch
FAQ
What is CVE-2006-4900?
CVE-2006-4900 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." seq...
How severe is CVE-2006-4900?
CVE-2006-4900 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4900?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Etrust Security Command Center.