CVE-2006-4899
First published: Fri Sep 22 2006(Updated: )
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| eTrust Security Command Center | =1.0 | |
| eTrust Security Command Center | =8 | |
| eTrust Security Command Center | =8-sp1 | |
| eTrust Security Command Center | =8-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
- http://secunia.com/advisories/22023
- http://www.securityfocus.com/bid/20139
- http://securitytracker.com/id?1016910
- http://www.vupen.com/english/advisories/2006/3738
- http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
- http://www.osvdb.org/29009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29102
- http://www.securityfocus.com/archive/1/446716/100/0/threaded
- http://www.securityfocus.com/archive/1/446611/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-4899?
CVE-2006-4899 is considered a medium severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2006-4899?
To fix CVE-2006-4899, you should upgrade to the latest version of CA eTrust Security Command Center, specifically to versions beyond 8.1 SP1 CR2.
What types of systems are affected by CVE-2006-4899?
CVE-2006-4899 affects systems running CA eTrust Security Command Center versions 1.0 and 8.0 up to SP1 CR2 on Windows.
What is the main consequence of exploiting CVE-2006-4899?
The main consequence of exploiting CVE-2006-4899 is the potential exposure of the web server path through error messages.
Can CVE-2006-4899 be exploited remotely?
Yes, CVE-2006-4899 can be exploited remotely by attackers who send a specially crafted request containing a single quote.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/broadcom
- product/etrust security command center
- canonical/broadcom etrust security command center
- canonical/etrust security command center
- version/etrust security command center/1.0
- version/etrust security command center/8
- version/etrust security command center/8-sp1