header-logo
Suggest Exploit
vendor:
IBM Tivoli Directory Server
by:
Unknown
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: IBM Tivoli Directory Server
Affected Version From: 3.2.2002
Affected Version To: 4.1
Patch Exists: NO
Related CWE: Unknown
CPE: tivoli:ibm_tivoli_directory_server
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

IBM Tivoli Directory Server Directory Traversal Vulnerability

IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application. This issue presents itself due to insufficient sanitization of user-supplied data. This issue allows remote attackers to view potentially sensitive files on the server that are accessible to the 'ldap' user. This may aid an attacker in conducting further attacks against the vulnerable computer.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10841/info

IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application.

This issue presents itself due to insufficient sanitization of user-supplied data.

This issue allows remote attackers to view potentially sensitive files on the server that are accessible to the 'ldap' user. This may aid an attacker in conducting further attacks against the vulnerable computer.

Versions 3.2.2, and 4.1 are reported vulnerable.

http://www.example.com/ldap/cgi-bin/ldacgi.exe?Action=Substitute&Template=../../../../../boot.ini&Sub=LocalePath&LocalePath=enus1252

Navigation

Suggest Exploit

Services By CQR