Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1103

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1103
Last Modified 10 Mar 2011 10:51:18
Published 25 Feb 2011 02:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1103

Summary

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

Vulnerable Systems

Application

  • F-secure Policy Manager 7.00

  • F-secure Policy Manager 8.00

  • F-secure Policy Manager 8.1x

  • F-secure Policy Manager 9.00


References

CONFIRM - http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html

XF - fsecure-webreporting-path-disclosure(65664)

VUPEN - ADV-2011-0509

SECTRACK - 1025124

SECUNIA - 43049


Last Updated: 27 May 2016 10:56:09