| |
Vulnerability CVE-2006-0704
Published: 2006-02-15 Modified: 2012-02-12
| Description: |
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username. |
CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
2.6/10 |
2.9/10 |
4.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
High |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www.vupen.com/english/advisories/2006/0568
http://www.irmplc.com/advisory016.htm
http://secunia.com/advisories/18813
http://xforce.iss.net/xforce/xfdb/24714
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
