Lucene search

MitreCVE-2004-2526

HistoryOct 25, 2005 - 4:00 a.m.

CVE-2004-2526

2005-10-2504:00:00

mitre

web.nvd.nist.gov

cve

2004

2526

directory traversal

vulnerability

ibm

tivoli directory server

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a … (dot dot) in the Template parameter.

Affected configurations

Nvd

Node

ibmtivoli_directory_serverRange≤4.1

ibmtivoli_directory_serverMatch3.2.2

VendorProductVersionCPE
ibmtivoli_directory_server*cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*
ibmtivoli_directory_server3.2.2cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_directory_server	*	cpe:2.3:a:ibm:tivoli_directory_server::::::::
ibm	tivoli_directory_server	3.2.2	cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html

secunia.com/advisories/10347

securitytracker.com/id?1010834

www-1.ibm.com/support/docview.wss?uid=isg1IR52692

www-1.ibm.com/support/docview.wss?uid=swg1IR53631

www.oliverkarow.de/research/IDS_directory_traversal.txt

www.osvdb.org/8367

www.securityfocus.com/bid/10841

exchange.xforce.ibmcloud.com/vulnerabilities/16850

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for CVE-2004-2526