Vulnerability Description
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | Policy Manager | 5.11 |
References
- http://marc.info/?l=bugtraq&m=110262921306862&w=2
- http://www.oliverkarow.de/research/f-secure.txt
- http://www.securityfocus.com/bid/11869ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18413
- http://marc.info/?l=bugtraq&m=110262921306862&w=2
- http://www.oliverkarow.de/research/f-secure.txt
- http://www.securityfocus.com/bid/11869ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18413
FAQ
What is CVE-2004-1223?
CVE-2004-1223 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without ...
How severe is CVE-2004-1223?
CVE-2004-1223 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1223?
Check the references section above for vendor advisories and patch information. Affected products include: F-Secure Policy Manager.