F-Secure Policy Manager fsmsh.dll Path Disclosure

Medium Nessus Network Monitor Plugin ID 3962

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running F-Secure Policy Manager, a distributed administration software that allows a system administrator to control applications from a single web console. There is a flaw in the file '/fsms/fsmsh.dll' that discloses the physical path to this application. An attacker may use the knowledge gained through this problem to set up more elaborate attacks against the remote host.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://archives.neohapsis.com/archives/bugtraq/2004-12/0103.html

http://www.f-secure.com

Plugin Details

Severity: Medium

ID: 3962

Family: Web Servers

Published: 2007/04/04

Modified: 2016/01/21

Dependencies: 3961

Nessus ID: 15931

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2004-1223

BID: 11869