|
iE Integrator Configuration Information Disclosure Weakness
|
|
Secunia Advisory:
|
SA18813
|
|
|
Release Date:
|
2006-02-14
|
|
Last Update:
|
2006-02-17
|
|
Popularity:
|
4,641 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Exposure of system information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | iE Integrator 4.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-0704
|
|
Description:
D Scholefield has reported a weakness in iE Integrator, which can be exploited by malicious people to disclose certain system information.
The weakness is caused due to certain system information (e.g. directory path, internal IP address) being disclosed in an error message when a non-existing script within the ieIntegrator application directory (apps) is requested.
Successful exploitation requries that a custom error message has not been defined in the "acm.ini" file
The weakness has been reported in version 4.4.220114.
Solution:
Configure a custom error message in the "acm.ini" file.
Provided and/or discovered by:
D Scholefield, IRM.
Changelog:
2006-02-17: Added CVE reference.
Original Advisory:
http://www.irmplc.com/advisory016.htm
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
