Path Disclosure Vulnerability in CA eTrust Security Command Center
CVE-2006-4899
Currently unrated
What is CVE-2006-4899?
The ePPIServlet script in Computer Associates' eTrust Security Command Center versions 1.0 and r8 (up to SP1 CR2) discloses the web server path because of improper error handling. A remote attacker can trigger this by inserting a single quote in the PIProfile function, which produces an error message that reveals sensitive path information. The disclosed path could facilitate further attacks on the application or underlying systems.
EPSS Score
14% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability reserved