Description
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
https://www.exploit-db.com/exploits/24811
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18413
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110262921306862&w=2
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11869
Various Sources x_refsource_misc
http://www.oliverkarow.de/research/f-secure.txt
Scores
EPSS
0.0357
EPSS Percentile
87.9%
Details
Status
published
Products (1)
f-secure/policy_manager
5.11
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026