F-Secure Policy Manager Server fsmsh.dll module DoS

Medium Nessus Plugin ID 25402

Synopsis

The remote host is an F-Secure Policy Manager Server.

Description

The remote host is running a version of F-Secure Policy Manager Server that is vulnerable to a denial of service.

A malicious user can forge a request that queries an MS-DOS device name through the 'fsmsh.dll' CGI module, which prevents legitimate users from accessing the service through the Manager Console.

Solution

Upgrade to F-Secure Policy Manager Server 7.01 or later.

See Also

http://www.f-secure.com/en/web/labs_global/fsc-2007-4

Plugin Details

Severity: Medium

ID: 25402

File Name: fs_policy_manager_7_dos.nasl

Version: 1.12

Type: remote

Published: 2007/06/04

Modified: 2016/05/05

Dependencies: 11936, 10107

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:f-secure:policy_manager

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/05/29

Reference Information

CVE: CVE-2007-2964

BID: 24233