nvd-json-data-feeds/CVE-2011/CVE-2011-11xx/CVE-2011-1103.json

{
  "id": "CVE-2011-1103",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2011-02-25T19:00:01.510",
  "lastModified": "2017-08-17T01:33:50.493",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo WebReporting en F-Secure Policy Manager v7.x, v8.00 anterior al hotfix v2, v8.1x anterior al hotfix v3 en Windows y hotfix v2 en Linux, y v9.00 anterior al hotfix  v4 en Windows y hotfix v2 en Linux, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud  para un report no v\u00e1lido, lo que permite revelar la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con las solicitudes para (1) report/infection-table.html o report/productsummary-table.html."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:7.00:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5AA62EC6-45AA-48AE-95D8-DBF22112F06C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:8.00:hotfix1:windows:*:*:*:*:*",
              "matchCriteriaId": "7B7D7F8F-FEB9-4A54-B0E2-7429340AE10B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:8.1x:hotfix1:windows:*:*:*:*:*",
              "matchCriteriaId": "01973B04-2A51-4E00-88DF-A40A8F911185"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:8.1x:hotfix2:windows:*:*:*:*:*",
              "matchCriteriaId": "E4F3738E-22D0-486B-BA4A-309588C6F93D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:9.00:hotfix1:windows:*:*:*:*:*",
              "matchCriteriaId": "0F6D26FE-DBBF-4A2A-B8B5-879511E934EE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:9.00:hotfix2:windows:*:*:*:*:*",
              "matchCriteriaId": "71B7F86F-B3E7-4102-B8C2-0C284A8880B6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:9.00:hotfix3:windows:*:*:*:*:*",
              "matchCriteriaId": "C411CA74-ADE6-4E70-806F-E402D48B1091"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:8.00:hotfix1:linux:*:*:*:*:*",
              "matchCriteriaId": "91B68A1F-CAE9-4D45-AB3A-EA47A4E8B0B0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:8.1x:hotfix1:linux:*:*:*:*:*",
              "matchCriteriaId": "605CFA3C-B6F7-4E1C-82F1-20EE9D4DBD16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f-secure:policy_manager:9.00:hotfix1:linux:*:*:*:*:*",
              "matchCriteriaId": "203DC39B-6350-4653-A064-73304717EBCB"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id?1025124",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2011/0509",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65664",
      "source": "cve@mitre.org"
    }
  ]
}