Bugtraq mailing list archives

F-Secure Policy Manager - physical path disclosure
From: <oliver () greyhat de>
Date: Thu, 9 Dec 2004 21:54:02 +0100

F-Secure Policy Manager - Management Agent - physical path disclosure


FSMSH Version 5.11.2810 - on Win32 (not tested on other platforms)


A web server is running on port 80/tcp. Connecting to the port with a
web browser offers the following link, available without authentication:


Following this link will give the Version Number of the application:


However, modifying the link as follows:


will give the following result, containing the physical path of the
F-Secure installation:

        FSMSH Version 5.11.2810
        Started at: 04/12/07 20:18:48
        Processed requests: 8780        
        Commdir path: C:\Programme\F-Secure\Management Server 5\CommDir
        COMMDIR: C:\Programme\F-Secure\Management Server 5\CommDir found
        C:\Programme\F-Secure\Management Server 5\CommDir\commdir.cfg found
        Repository API initialized - status: OK


Informed by mail on 07.Dec.2004; Response at 08.Dec.; Will be fixed

Discovered by:

oliver karow
This document: http://www.oliverkarow.de/research/f-secure.txt
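
A check for the kind of disclosure reported above, as an added example that is not part of the original advisory: it scans the body of an unauthenticated HTTP response for absolute Windows paths and can redact them before the page is served. The function names are hypothetical, the sample body is the output quoted in the advisory, and the final path component is assumed to contain no spaces.

```python
import re

# Constructed sample: the status output quoted in the advisory.
SAMPLE_BODY = r"""FSMSH Version 5.11.2810
Started at: 04/12/07 20:18:48
Processed requests: 8780
Commdir path: C:\Programme\F-Secure\Management Server 5\CommDir
COMMDIR: C:\Programme\F-Secure\Management Server 5\CommDir found
C:\Programme\F-Secure\Management Server 5\CommDir\commdir.cfg found
Repository API initialized - status: OK
"""

# Drive-letter (C:\...) or UNC (\\host\...) prefix, then path components.
# Components followed by a backslash may contain spaces; the final one is
# assumed to end at whitespace, so trailing words like "found" stay out.
WIN_PATH = re.compile(
    r'(?<![A-Za-z])(?:[A-Za-z]:\\|\\\\[^\\/:*?"<>|\s]+\\)'
    r'(?:[^\\/:*?"<>|\r\n]+\\)*'
    r'[^\\/:*?"<>|\s]*'
)


def find_path_leaks(body):
    """Return (line_number, path) for every absolute Windows path in body."""
    leaks = []
    for number, line in enumerate(body.splitlines(), start=1):
        for match in WIN_PATH.finditer(line):
            leaks.append((number, match.group(0)))
    return leaks


def redact(body, placeholder="[path removed]"):
    """Replace every disclosed path, leaving the rest of the page intact."""
    return WIN_PATH.sub(placeholder, body)


if __name__ == "__main__":
    for number, path in find_path_leaks(SAMPLE_BODY):
        print(f"line {number}: discloses {path}")
    print(redact(SAMPLE_BODY))
```
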
