Exploit CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
28640
Проверка EDB
  1. Пройдено
Автор
PATRICK WEBSTER
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2006-4899
Дата публикации
2006-09-21
Код:
source: https://www.securityfocus.com/bid/20139/info

CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including:

- an information-disclosure issue
- an arbitrary-file-deletion issue
- a replay issue.

These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols.

An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.

https://www.example.com:8080/etrust/servlet/ePPIServlet?PIProfile=eAV_Report's&PIName=Generate+Pre-7.1+Report+Data&profile= Threat+Management&node=
 
Источник
www.exploit-db.com

Похожие темы