CVE-2006-4899

Name of the Vulnerable Software and Affected Versions CA eTrust Security Command Center versions 1.0 and r8 up to SP1 CR2

Description The issue allows remote attackers to obtain the web server path via a single quote in the PIProfile function, which leaks the path in an error message. This occurs when the ePPIServlet script is running on Windows.

Recommendations For CA eTrust Security Command Center versions 1.0 and r8 up to SP1 CR2, consider restricting access to the ePPIServlet script until a fix is available. As a temporary workaround, avoid using the PIProfile function with untrusted input to minimize the risk of path leakage.