Vulnerabilities > CVE-2006-0704 - Information Disclosure vulnerability in IE Integrator 4.4.220114

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

NVD

Published: 2006-02-15

Updated: 2017-07-20

Summary

iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.

Vulnerable Configurations

Part	Description	Count
Application	Ie IE IE Integrator 4.4.220114	1

References

http://secunia.com/advisories/18813
http://www.irmplc.com/advisory016.htm
http://www.vupen.com/english/advisories/2006/0568
https://exchange.xforce.ibmcloud.com/vulnerabilities/24714