Unrated severityNVD Advisory· Published Sep 22, 2006· Updated Apr 16, 2026

CVE-2006-4899

Description

The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.

Affected products

Broadcom Corporation/Etrust Security Command Center4 versions
cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22023nvdExploitPatchVendor Advisory
users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txtnvdExploitPatchVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/29009nvd
www.securityfocus.com/archive/1/446611/100/0/threadednvd
www.securityfocus.com/archive/1/446716/100/0/threadednvd
www.securityfocus.com/bid/20139nvd
www.vupen.com/english/advisories/2006/3738nvd
www3.ca.com/securityadvisor/blogs/posting.aspxnvd
www3.ca.com/securityadvisor/vulninfo/vuln.aspxnvd
exchange.xforce.ibmcloud.com/vulnerabilities/29102nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000