CVE-2006-4900 in eTrust Security Command Center
Summary
by MITRE
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2 allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
Analysis
by VulDB Data Team • 03/12/2015
CVE-2006-4900 is a critical directory traversal flaw in Computer Associates eTrust Security Command Center versions 1.0 through r8 SP1 CR2. The weakness resides in the eSMPAuditServlet component, which processes the eSCCAdHocHtmlFile parameter without adequate input validation. Authenticated remote attackers can manipulate file system access by supplying the ".." sequence commonly used to navigate directory structures. The affected code is the getadhochtml function, which fails to properly sanitize user-supplied input and so lets malicious actors access unauthorized file system resources.
This directory traversal vulnerability falls under the Common Weakness Enumeration category CWE-22, which describes improper limitation of a pathname to a restricted directory. The attack vector requires authentication, meaning that only users with valid credentials can exploit this weakness, but the impact remains severe as it enables arbitrary file reading and deletion capabilities. The vulnerability exists in the web application layer where user input is directly incorporated into file system operations without proper sanitization or validation mechanisms. Attackers can leverage this flaw to access sensitive system files, configuration data, or even execute destructive operations such as file deletion within the application's operational scope.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with the capability to manipulate the application's file system. An authenticated attacker could potentially read system configuration files, access sensitive log data, or delete critical application components. The vulnerability's presence in the eSMPAuditServlet component suggests that audit-related functionality is compromised, which could undermine the security monitoring capabilities that the eTrust Security Command Center is designed to provide. This creates a particularly dangerous scenario where an attacker could not only access system information but also potentially disrupt the security monitoring infrastructure itself.
Mitigation for CVE-2006-4900 should focus on input validation and proper parameter handling in the affected servlet component. The recommended approach is strict input sanitization that prevents directory traversal sequences from being processed by the getadhochtml function. Organizations should apply the vendor-provided security patches or updates that address this specific vulnerability. Access controls should also be reviewed to ensure that only authorized users can access the vulnerable servlet endpoint, and network segmentation should be implemented to limit exposure. In ATT&CK terms, the vulnerability maps to T1083 (File and Directory Discovery) and T1485 (Data Destruction), as it enables both reconnaissance and destructive capabilities. Security monitoring should include detection of unusual file access patterns and parameter manipulation attempts that could indicate exploitation of this vulnerability.
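One way to implement the input handling described above, shown as an added example that is not CA's code and not part of the original advisory. The class name AdHocFileResolver, the base directory and the sample file names are hypothetical, since the page does not show the source of getadhochtml.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Hypothetical helper (assumption, not the vendor's fix): confines a requested name to one directory.
public final class AdHocFileResolver {
    private final Path baseDir;

    public AdHocFileResolver(Path baseDir) throws IOException {
        // Canonicalize once so later prefix checks compare real paths.
        this.baseDir = baseDir.toRealPath();
    }

    // Returns the resolved file, or throws SecurityException if the name leaves baseDir.
    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        Path candidate;
        try {
            // normalize() collapses "." and ".." segments before the containment check.
            candidate = baseDir.resolve(requested).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("invalid file name");
        }
        if (!candidate.startsWith(baseDir) || candidate.equals(baseDir)) {
            throw new SecurityException("path escapes report directory");
        }
        // For files that exist, resolve symlinks and re-check the real location.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("symlink escapes report directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("adhoc");   // constructed sample directory
        Files.createFile(base.resolve("report.html"));    // constructed sample file
        AdHocFileResolver r = new AdHocFileResolver(base);
        for (String name : new String[] {"report.html", "../outside.txt", "sub/../../outside.txt"}) {
            try {
                System.out.println(name + " -> " + r.resolve(name));
            } catch (SecurityException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The containment check runs on the normalized path rather than on the raw string, so it does not depend on spotting a particular spelling of the ".." sequence; both read and delete code paths would need to call the same resolver.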