iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
References
Link | Resource |
---|---|
http://www.irmplc.com/advisory016.htm | Vendor Advisory |
http://secunia.com/advisories/18813 | Vendor Advisory |
http://www.vupen.com/english/advisories/2006/0568 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24714 |
Configurations
Information
Published : 2006-02-15 03:06
Updated : 2017-07-19 18:29
NVD link : CVE-2006-0704
Mitre link : CVE-2006-0704
JSON object : View
CWE
Products Affected
ie
- ie_integrator