Back to search
CVE-2006-0704
Published: Feb 15, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.irmplc.com/advisory016.htm
x_refsource_MISC
18813
third-party-advisory
x_refsource_SECUNIA
ieintegrator-error-information-disclosure(24714)
vdb-entry
x_refsource_XF
ADV-2006-0568
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now