F-Secure URL obtain information
fsecure-url-obtain-information (18413)
Description:
F-Secure Policy Manager manages F-Secure Anti-virus and security solutions from a single system for Microsoft Windows and Linux-based operating systems. F-Secure Policy Manager version 5.11.2810 running on Microsoft Windows operating systems could allow a remote attacker to obtain sensitive information. A remote attacker could send a specially crafted URL request to the F-Secure Policy Manager Web server running on TCP port 80, causing the Web server to disclose the installation path.
Platforms Affected:
- F-Secure, Policy Manager 5.11.2810
- Microsoft, Windows 2003 Server
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Obtain Information
References:
- BugTraq Mailing List, Thu Dec 09 2004 - 14:54:02 CST, F-Secure Policy Manager - physical path disclosure at http://archives.neohapsis.com/archives/bugtraq/2004-12/0103.html.
- F-Secure Policy Manager Web site, F-Secure Policy Manager at http://www.f-secure.com/products/fspm/.
- BID-11869: F-Secure Policy Manager FSMSH.DLL CGI Application Installation Path Disclosure Vulnerability
- CVE-2004-1223: The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
Reported:
Dec 09, 2004
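Detection sketch (an added example, not part of the X-Force record or any F-Secure code): since no remedy is listed, the Web server's access log can be reviewed for the request shape described in the CVE-2004-1223 reference, a request to fsmsh.dll without any parameters. It assumes Common Log Format; the function names, the `/placeholder/` path prefix and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: access log lines are in Common Log Format.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_bare_fsmsh_request(target):
    """True when the request targets fsmsh.dll and carries no parameters."""
    parts = urlsplit(target)
    # Decode percent-escapes and compare case-insensitively: Windows file
    # names are case-insensitive, so FSMSH.DLL and fsmsh.dll are the same file.
    path = unquote(parts.path).replace("\\", "/").lower()
    name = path.rsplit("/", 1)[-1]
    # A trailing bare "?" yields an empty query and still counts as "no parameters".
    return name == "fsmsh.dll" and parts.query == ""

def find_bare_fsmsh_requests(lines):
    """Return (source, timestamp, target, status) for each matching log line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m is None:
            continue  # skip lines that are not valid CLF entries
        if is_bare_fsmsh_request(m.group("target")):
            hits.append((m.group("src"), m.group("ts"),
                         m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation-range addresses, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:01 +0000] "GET /placeholder/fsmsh.dll?param=value HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2005:10:02:13 +0000] "GET /placeholder/fsmsh.dll HTTP/1.0" 200 231',
    '198.51.100.7 - - [01/Jan/2005:10:02:15 +0000] "GET /placeholder/FSMSH%2EDLL? HTTP/1.0" 200 231',
    '192.0.2.11 - - [01/Jan/2005:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    'not a log line',
]

if __name__ == "__main__":
    for src, ts, target, status in find_bare_fsmsh_requests(SAMPLE_LOG):
        print(f"{ts} {src} requested {target} (status {status})")
```

Hits from addresses that are not managed hosts or administrators are the ones worth following up; restricting TCP port 80 on the Policy Manager server to those hosts limits who can send the request at all.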
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
