IBM Tivoli Directory Server 3.2.24.1 - LDACGI Directory Traversal

2004-08-02T00:00:00
ID EXPLOITPACK:C0B601B36C4838A54B0401968B0DF092
Type exploitpack
Reporter anonymous
Modified 2004-08-02T00:00:00

Description

IBM Tivoli Directory Server 3.2.24.1 - LDACGI Directory Traversal

                                        
                                            source: https://www.securityfocus.com/bid/10841/info

IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application.

This issue presents itself due to insufficient sanitization of user-supplied data.

This issue allows remote attackers to view potentially sensitive files on the server that are accessible to the 'ldap' user. This may aid an attacker in conducting further attacks against the vulnerable computer.

Versions 3.2.2, and 4.1 are reported vulnerable.

http://www.example.com/ldap/cgi-bin/ldacgi.exe?Action=Substitute&Template=../../../../../boot.ini&Sub=LocalePath&LocalePath=enus1252