Date Discovered: 21 Sep 2006
Date Published: 21 Sep 2006
Last Updated: 28 Sep 2006
Vulnerability ID: 34616
Discovered By: Patrick Webster
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: A remote attacker can reveal the web server path.
Root Cause: Software Vulnerability
CA eTrust Security Command Center contains a vulnerability that can allow a remote attacker to discover the web server path on Windows platforms. The vulnerability is due to improper processing of the PIProfile function when a single quote character is sent to the ePPIServlet script. An attacker can exploit this vulnerability to reveal the web server path.
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR1
Please download and install the following patch:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81862&startsearch=1
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR2
Please download and install the following patch:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81863&startsearch=1
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center 1.0
Please download and install the following patches:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81875&startsearch=1
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center - Server r8
Please download and install the following patch:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81758&startsearch=1
Computer Associates: CA eTrust Security Command Center - Server r8
Computer Associates: CA eTrust Security Command Center r8 SP1 CR1
Computer Associates: CA eTrust Security Command Center r8 SP1 CR2
Computer Associates: eTrust Security Command Center 1.0
Computer Associates: eTrustSCCVuln
Mitre CVE: CVE-2006-4899