Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1424

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-1424
Last Modified 21 Sep 2011 11:30:13
Published 24 May 2011 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1424

Summary

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.

Vulnerable Systems

Application

  • Emc Sourceone Email Management 6.5.2.3668

  • Emc Sourceone Email Management 6.6.0.1209


References

BUGTRAQ - 20110513 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability

SREASON - 8258


Last Updated: 27 May 2016 10:56:19