Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4899

4 documents4 sources

Severity

5.0MEDIUM

EPSS

16.4%

top 5.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Etrust Security Command Center

Timeline

PublishedSep 22

Latest updateMay 1

Description

The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbroadcom/etrust_security_command_center1.0, 8+1

Patches

Patch: secunia.com ↗Patch: users.tpg.com.au ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cv97-3hvj-jx45: The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1↗2022-05-01

▶

CVEList

CVE-2006-4899: The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1↗2006-09-22

▶

💥Exploits & PoCs

Exploit-DB

CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure↗2006-09-21

▶