CVE-2006-0704 : iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.

iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.

Published 2006-02-15 11:06:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-0704

IE » Ie Integrator » Version: 4.4.220114
cpe:2.3:a:ie:ie_integrator:4.4.220114:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-0704

EPSS FAQ

0.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0704

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.6	LOW	AV:N/AC:H/Au:N/C:P/I:N/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2006-0704

http://www.irmplc.com/advisory016.htm

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24714
http://secunia.com/advisories/18813

Vendor Advisory
http://www.vupen.com/english/advisories/2006/0568

Jump to

Vulnerability Details : CVE-2006-0704

Products affected by CVE-2006-0704

Exploit prediction scoring system (EPSS) score for CVE-2006-0704

CVSS scores for CVE-2006-0704

References for CVE-2006-0704