CVE-2011-1103

Name of the Vulnerable Software and Affected Versions F-Secure Policy Manager versions 7.x through 9.00 before hotfix 4 on Windows and hotfix 2 on Linux

Description The issue allows remote attackers to obtain sensitive information via a request to an invalid report. This is achieved by sending a request to an invalid report, which reveals the installation path in an error message. For example, requests can be made to "report/infection-table.html" or "report/productsummary-table.html" to exploit this.

Recommendations For F-Secure Policy Manager version 7.x, update to a version with the necessary hotfixes. For F-Secure Policy Manager version 8.00, apply hotfix 2 on Windows or hotfix 2 on Linux. For F-Secure Policy Manager version 8.1x, apply hotfix 3 on Windows or hotfix 2 on Linux. For F-Secure Policy Manager version 9.00, apply hotfix 4 on Windows or hotfix 2 on Linux.