F-Secure PolicyManager ManagementAgent 信息泄露漏洞

27次阅读
没有评论

F-Secure PolicyManager ManagementAgent 信息泄露漏洞

漏洞ID 1108329 漏洞类型 未知
发布时间 2004-12-09 更新时间 2005-10-20
F-Secure PolicyManager ManagementAgent 信息泄露漏洞CVE编号 CVE-2004-1223
F-Secure PolicyManager ManagementAgent 信息泄露漏洞CNNVD-ID CNNVD-200501-039
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/24811
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-039
|漏洞详情
F-SecurePolicyManager是一套网络安全管理工具。F-SecurePolicyManager5.11.2810中的ManagementAgent存在信息泄露漏洞。远程攻击者可利用一个对fsmsh.dll的无任何参数的HTTP请求,获取诸如web服务器的绝对路径等敏感信息。
|漏洞EXP
source: http://www.securityfocus.com/bid/11869/info

F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the vulnerable software will return an error message that includes the installation path of the software.

/fsms/fsmsh.dll?
|参考资料

来源:XF
名称:fsecure-url-obtain-information(18413)
链接:http://xforce.iss.net/xforce/xfdb/18413
来源:BID
名称:11869
链接:http://www.securityfocus.com/bid/11869
来源:MISC
链接:http://www.oliverkarow.de/research/f-secure.txt
来源:BUGTRAQ
名称:20041209=?iso-8859-1?Q?F-Secure_Policy_Manager_-__physical_path_disclosure?=
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110262921306862&w;=2

相关推荐: KDE Konqueror超大图像宽度拒绝服务漏洞

KDE Konqueror超大图像宽度拒绝服务漏洞 漏洞ID 1203181 漏洞类型 缓冲区溢出 发布时间 2002-12-31 更新时间 2002-12-31 CVE编号 CVE-2002-2333 CNNVD-ID CNNVD-200212-828 漏洞…

正文完
 0