CVE-2006-0704
Last modified
CVE-2006-0704 is a vulnerability of currently unknown severity. iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.. EPSS estimates a 1.22% chance of exploitation in the next 30 days.
Description
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ie | Ie Integrator | 4.4.220114 |
References
- http://secunia.com/advisories/18813Vendor Advisory
- http://www.irmplc.com/advisory016.htmVendor Advisory
- http://secunia.com/advisories/18813Vendor Advisory
- http://www.irmplc.com/advisory016.htmVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0704?
How severe is CVE-2006-0704?
How do I fix CVE-2006-0704?
Are you affected by CVE-2006-0704?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST