5
CVE-2006-4899
- EPSS 9.88%
- Veröffentlicht 22.09.2006 22:07:00
- Zuletzt bearbeitet 16.06.2026 22:29:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Etrust Security Command Center Version1.0
Broadcom ≫ Etrust Security Command Center Version8
Broadcom ≫ Etrust Security Command Center Version8 Updatesp1 Editioncr1
Broadcom ≫ Etrust Security Command Center Version8 Updatesp1 Editioncr2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.88% | 0.95 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://secunia.com/advisories/22023
http://securitytracker.com/id?1016910
http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
http://www.osvdb.org/29009
http://www.securityfocus.com/archive/1/446611/100/0/threaded
http://www.securityfocus.com/archive/1/446716/100/0/threaded
http://www.securityfocus.com/bid/20139
http://www.vupen.com/english/advisories/2006/3738
http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
https://exchange.xforce.ibmcloud.com/vulnerabilities/29102