Path Disclosure Vulnerability in CA eTrust Security Command Center
CVE-2006-4899
Currently unrated
What is CVE-2006-4899?
The ePPIServlet script in Computer Associates' eTrust Security Command Center versions 1.0 and r8 (up to SP1 CR2) exposes the web server path due to improper error handling. A remote attacker can exploit this vulnerability by inserting a single quote (') in the PIProfile function, which causes the resulting error message to disclose the path. The disclosed path could facilitate further attacks on the application or underlying systems.