F-Secure Policy Manager fsmsh.dll Path Disclosure

medium Nessus Network Monitor Plugin ID 3962

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running F-Secure Policy Manager, a distributed administration software that allows a system administrator to control applications from a single web console. There is a flaw in the file '/fsms/fsmsh.dll' that discloses the physical path to this application. An attacker may use the knowledge gained through this problem to set up more elaborate attacks against the remote host.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.f-secure.com

http://archives.neohapsis.com/archives/bugtraq/2004-12/0103.html

Plugin Details

Severity: Medium

ID: 3962

Family: Web Servers

Published: 4/4/2007

Updated: 3/6/2019

Nessus ID: 15931

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:f-secure:policy_manager

Reference Information

CVE: CVE-2004-1223

BID: 11869