CVE-2011-1103: Infoleak
First published: Fri Feb 25 2011(Updated: )
The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F-Secure Policy Manager | =8.1x-hotfix2 | |
| F-Secure Policy Manager | =9.00-hotfix3 | |
| F-Secure Policy Manager | =9.00-hotfix2 | |
| F-Secure Policy Manager | =8.00-hotfix1 | |
| F-Secure Policy Manager | =9.00-hotfix1 | |
| F-Secure Policy Manager | =8.1x-hotfix1 | |
| F-Secure Policy Manager | =7.00 | |
| F-Secure Policy Manager | =8.00-hotfix1 | |
| F-Secure Policy Manager | =9.00-hotfix1 | |
| F-Secure Policy Manager | =8.1x-hotfix1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/f-secure
- canonical/f-secure policy manager
- version/f-secure policy manager/8.1x-hotfix2
- version/f-secure policy manager/9.00-hotfix3
- version/f-secure policy manager/9.00-hotfix2
- version/f-secure policy manager/8.00-hotfix1
- version/f-secure policy manager/9.00-hotfix1
- version/f-secure policy manager/8.1x-hotfix1
- version/f-secure policy manager/7.00