PT-2006-5652 · Microsoft+1 · Windows+1

Published

2006-09-22

Updated

2021-04-09

CVE-2006-4899

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CA eTrust Security Command Center versions 1.0 and r8 up to SP1 CR2

Description The issue allows remote attackers to obtain the web server path via a single quote in the PIProfile function, which leaks the path in an error message. This occurs when the ePPIServlet script is running on Windows.

Recommendations For CA eTrust Security Command Center versions 1.0 and r8 up to SP1 CR2, consider restricting access to the ePPIServlet script until a fix is available. As a temporary workaround, avoid using the PIProfile function with untrusted input to minimize the risk of path leakage.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4899

Affected Products

Ca Etrust Security Command Center

Windows

PT-2006-5652 · Microsoft+1 · Windows+1

CVE-2006-4899

Related Identifiers

Affected Products

References · 13