Lucene search

[email protected]CVE-2011-1103

HistoryFeb 25, 2011 - 7:00 p.m.

CVE-2011-1103

2011-02-2519:00:01

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-1103

webreporting

f-secure

policy manager

information disclosure

vulnerability

windows

linux

hotfix

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.2%

JSON

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

Affected configurations

NVD

Node

f-securepolicy_managerMatch7.00windows

f-securepolicy_managerMatch8.00hotfix1windows

f-securepolicy_managerMatch8.1xhotfix1windows

f-securepolicy_managerMatch8.1xhotfix2windows

f-securepolicy_managerMatch9.00hotfix1windows

f-securepolicy_managerMatch9.00hotfix2windows

f-securepolicy_managerMatch9.00hotfix3windows

Node

f-securepolicy_managerMatch8.00hotfix1linux

f-securepolicy_managerMatch8.1xhotfix1linux

f-securepolicy_managerMatch9.00hotfix1linux

CPENameOperatorVersion
f-secure:policy_managerf-secure policy managereq7.00
f-secure:policy_managerf-secure policy managereq8.00
f-secure:policy_managerf-secure policy managereq8.1x
f-secure:policy_managerf-secure policy managereq9.00

CPE	Name	Operator	Version
f-secure:policy_manager	f-secure policy manager	eq	7.00
f-secure:policy_manager	f-secure policy manager	eq	8.00
f-secure:policy_manager	f-secure policy manager	eq	8.1x
f-secure:policy_manager	f-secure policy manager	eq	9.00