https://www.exploit-db.com/exploits/24811
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-039

F-SecurePolicyManager是一套网络安全管理工具。F-SecurePolicyManager5.11.2810中的ManagementAgent存在信息泄露漏洞。远程攻击者可利用一个对fsmsh.dll的无任何参数的HTTP请求，获取诸如web服务器的绝对路径等敏感信息。

source: http://www.securityfocus.com/bid/11869/info

F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the vulnerable software will return an error message that includes the installation path of the software.

/fsms/fsmsh.dll?

来源:XF
名称:fsecure-url-obtain-information(18413)
链接:http://xforce.iss.net/xforce/xfdb/18413
来源:BID
名称:11869
链接:http://www.securityfocus.com/bid/11869
来源:MISC
链接:http://www.oliverkarow.de/research/f-secure.txt
来源:BUGTRAQ
名称:20041209=?iso-8859-1?Q?F-Secure_Policy_Manager_-__physical_path_disclosure?=
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110262921306862&w;=2