CVE-2011-1424 - The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1,

CVE-2011-1424

Summary

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.

References

Vulnerable Configurations

cpe:2.3:a:emc:sourceone_email_management:6.5.2.3668:*:*:*:*:*:*:*
cpe:2.3:a:emc:sourceone_email_management:6.5.2.3668:*:*:*:*:*:*:*
cpe:2.3:a:emc:sourceone_email_management:*:*:*:*:*:*:*:*
cpe:2.3:a:emc:sourceone_email_management:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 09-10-2018 - 19:30)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:N/A:N

refmap via4

bugtraq	20110513 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability
sreason	8258

Last major update

09-10-2018 - 19:30

Published

24-05-2011 - 23:55

Last modified

09-10-2018 - 19:30