Detections
Analytics

F-Secure Policy Manager Path Disclosure

medium Nessus Plugin ID 15931

Language:

Synopsis

A web application running on the remote host has an information disclosure vulnerability.

Description

The remote host is running F-Secure Policy Manager, a distributed administration software allowing a system administrator to control applications from a single web console.

There is a flaw in the file '/fsms/fsmsh.dll' that discloses the physical path this application is under. An attacker could use this information to mount further attacks.

Solution

Upgrade to the latest version of this software.

See Also

https://seclists.org/bugtraq/2004/Dec/102

Plugin Details

Severity: Medium

ID: 15931

File Name: fsecure_fsmsh_disclosure.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 12/10/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:f-secure:policy_manager

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/9/2004

Reference Information

CVE: CVE-2004-1223

BID: 11869

Secunia: 13416