CVE-2006-4899 - Unspecified vulnerability in Broadcom Etrust Security Command Center 1.0/8
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Exploit-Db
description | CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure. CVE-2006-4899. Remote exploit for windows platform |
id | EDB-ID:28640 |
last seen | 2016-02-03 |
modified | 2006-09-21 |
published | 2006-09-21 |
reporter | Patrick Webster |
source | https://www.exploit-db.com/download/28640/ |
title | CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure |
References
- http://secunia.com/advisories/22023
- http://securitytracker.com/id?1016910
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
- http://www.osvdb.org/29009
- http://www.securityfocus.com/archive/1/446611/100/0/threaded
- http://www.securityfocus.com/archive/1/446716/100/0/threaded
- http://www.securityfocus.com/bid/20139
- http://www.vupen.com/english/advisories/2006/3738
- http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29102