Vulnerabilities > CVE-2011-1424 - Configuration vulnerability in EMC Sourceone Email Management 6.5.2.3668

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

NVD

Published: 2011-05-24

Updated: 2018-10-09

Summary

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Sourceone Email Management 6.5.2.3668 EMC Sourceone Email Management *	2
Application	Microsoft Microsoft Exchange *	1
Application	Ibm IBM Lotus Domino * IBM Lotus Notes *	2

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Seebug

bulletinFamily	exploit
description	Bugtraq ID: 47862 CVE ID：CVE-2011-1424 EMC SourceOne Email Management是一款电子邮件管理和监控软件。启用了ASP.NET应用跟踪的EMC SourceOne Email Management存在安全漏洞，此跟踪文件包含应用程序的敏感信息，远程验证用户可调用ASP.NET应用跟踪从此文件中获得敏感信息。 EMC SourceOne Email Management for Notes/Domino 6.6.0.1209 (HF1) EMC SourceOne Email Management for Notes/Domino 6.5.2.3668 (SP2 HF3) EMC SourceOne Email Management for Microsoft Exchange 6.6.0.1209 (HF1) EMC SourceOne Email Management for Microsoft Exchange 6.5.2.3668 (SP2 HF3 厂商解决方案 EMC SourceOne Email Management 6.6 SP1已经修复此漏洞，建议用户下载使用： http://www.emc.com/products/launch/sourceone/index.htm
id	SSV:20567
last seen	2017-11-19
modified	2011-05-18
published	2011-05-18
reporter	Root
title	EMC SourceOne产品ASP.NET应用跟踪信息泄露漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Seebug

References