CVE-2006-0704

iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/18813	Vendor Advisory
http://www.irmplc.com/advisory016.htm	Vendor Advisory
http://www.vupen.com/english/advisories/2006/0568
https://exchange.xforce.ibmcloud.com/vulnerabilities/24714
http://secunia.com/advisories/18813	Vendor Advisory
http://www.irmplc.com/advisory016.htm	Vendor Advisory
http://www.vupen.com/english/advisories/2006/0568
https://exchange.xforce.ibmcloud.com/vulnerabilities/24714

Configurations

Configuration 1 (hide)

cpe:2.3:a:ie:ie_integrator:4.4.220114:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-02-15 11:06

Updated : 2025-04-03 01:03

NVD link : CVE-2006-0704

Mitre link : CVE-2006-0704

CVE.ORG link : CVE-2006-0704

JSON object : View

Products Affected

ie

ie_integrator

CWE

NVD-CWE-Other

{"id": "CVE-2006-0704", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-02-15T11:06:00.000", "references": [{"url": "http://secunia.com/advisories/18813", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.irmplc.com/advisory016.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0568", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24714", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18813", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.irmplc.com/advisory016.htm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0568", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24714", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "iE Integrator 4.4.220114, when configured without a \"bespoke error page\" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ie:ie_integrator:4.4.220114:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF11C2B-5E15-4F3C-8033-FD65182CA8BB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}