CVE-2011-1103
Published 2011-02-25
Priority: P4 · 18 · medium · 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.96% (77.8th percentile)
The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f-secure | policy_manager | — | — |
| f-secure | policy_manager | — | — |
| f-secure | policy_manager | — | — |
| f-secure | policy_manager | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1103 notmuch: tag information disclosure flaw
bugzilla · 2012-03-05 · CVSS 5.0 · MEDIUM
It was found that in versions of notmuch prior to 0.11.1, certain input passed via MML tags were not properly sanitized in notmuch-mua.el before being used. If a user used the Emacs interface, this could be exploited to attach arbitrary local files that the victim has permission to read, to outgoing messages, if the victim were tricked into replying to a message containing a specially-crafted MML tag. This was due to the Emacs interface not quoting these tags in the reply text, which it now does [1].
[1] http://git.notmuchmail.org/git/notmuch/commit/ae438ccd8c77831158c7c30f19710d798ee4a6b4
Discussion:
notmuch-0.11.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this
Bugzilla
CVE-2011-1103 notmuch: tag information disclosure flaw [fedora-all]
bugzilla · 2012-03-05 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=80
http://secunia.com/advisories/43049
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html
http://www.securitytracker.com/id?1025124
http://www.vupen.com/english/advisories/2011/0509
https://exchange.xforce.ibmcloud.com/vulnerabilities/65664