Lucene search

IbmCVE-2015-1977

HistoryJul 15, 2016 - 6:59 p.m.

CVE-2015-1977

2016-07-1518:59:00

CWE-200

ibm

web.nvd.nist.gov

cve

2015

1977

directory traversal

vulnerability

ibm

tivoli

directory server

itds

isds

security

remote attack

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a … (dot dot) in a URL.

Affected configurations

Nvd

Node

ibmtivoli_directory_serverMatch6.2.0

ibmtivoli_directory_serverMatch6.2.0.0

ibmtivoli_directory_serverMatch6.2.0.1

ibmtivoli_directory_serverMatch6.2.0.2

ibmtivoli_directory_serverMatch6.2.0.3

ibmtivoli_directory_serverMatch6.2.0.4

ibmtivoli_directory_serverMatch6.2.0.5

ibmtivoli_directory_serverMatch6.2.0.6

ibmtivoli_directory_serverMatch6.2.0.7

ibmtivoli_directory_serverMatch6.2.0.8

ibmtivoli_directory_serverMatch6.2.0.10

ibmtivoli_directory_serverMatch6.2.0.11

ibmtivoli_directory_serverMatch6.2.0.12

ibmtivoli_directory_serverMatch6.2.0.13

ibmtivoli_directory_serverMatch6.2.0.14

ibmtivoli_directory_serverMatch6.2.0.15

ibmtivoli_directory_serverMatch6.2.0.19

ibmtivoli_directory_serverMatch6.2.0.20

ibmtivoli_directory_serverMatch6.2.0.21

ibmtivoli_directory_serverMatch6.2.0.22

ibmtivoli_directory_serverMatch6.2.0.23

ibmtivoli_directory_serverMatch6.2.0.24

ibmtivoli_directory_serverMatch6.2.0.25

ibmtivoli_directory_serverMatch6.2.0.26

ibmtivoli_directory_serverMatch6.2.0.27

ibmtivoli_directory_serverMatch6.2.0.29

ibmtivoli_directory_serverMatch6.2.0.30

ibmtivoli_directory_serverMatch6.2.0.31

ibmtivoli_directory_serverMatch6.2.0.32

ibmtivoli_directory_serverMatch6.2.0.33

ibmtivoli_directory_serverMatch6.2.0.34

ibmtivoli_directory_serverMatch6.2.0.35

ibmtivoli_directory_serverMatch6.2.0.36

ibmtivoli_directory_serverMatch6.2.0.37

ibmtivoli_directory_serverMatch6.2.0.38

ibmtivoli_directory_serverMatch6.2.0.39

ibmtivoli_directory_serverMatch6.2.0.40

ibmtivoli_directory_serverMatch6.2.0.41

ibmtivoli_directory_serverMatch6.2.0.42

ibmtivoli_directory_serverMatch6.2.0.43

ibmtivoli_directory_serverMatch6.2.0.44

ibmtivoli_directory_serverMatch6.2.0.45

ibmtivoli_directory_serverMatch6.2.0.46

ibmtivoli_directory_serverMatch6.2.0.47

ibmtivoli_directory_serverMatch6.2.0.48

ibmtivoli_directory_serverMatch6.2.0.49

Node

ibmtivoli_directory_serverMatch6.3.0

ibmtivoli_directory_serverMatch6.3.0.0

ibmtivoli_directory_serverMatch6.3.0.1

ibmtivoli_directory_serverMatch6.3.0.2

ibmtivoli_directory_serverMatch6.3.0.8

ibmtivoli_directory_serverMatch6.3.0.9

ibmtivoli_directory_serverMatch6.3.0.10

ibmtivoli_directory_serverMatch6.3.0.11

ibmtivoli_directory_serverMatch6.3.0.12

ibmtivoli_directory_serverMatch6.3.0.14

ibmtivoli_directory_serverMatch6.3.0.15

ibmtivoli_directory_serverMatch6.3.0.17

ibmtivoli_directory_serverMatch6.3.0.18

ibmtivoli_directory_serverMatch6.3.0.19

ibmtivoli_directory_serverMatch6.3.0.21

ibmtivoli_directory_serverMatch6.3.0.22

ibmtivoli_directory_serverMatch6.3.0.23

ibmtivoli_directory_serverMatch6.3.0.24

ibmtivoli_directory_serverMatch6.3.0.25

ibmtivoli_directory_serverMatch6.3.0.26

ibmtivoli_directory_serverMatch6.3.0.27

ibmtivoli_directory_serverMatch6.3.0.28

ibmtivoli_directory_serverMatch6.3.0.29

ibmtivoli_directory_serverMatch6.3.0.30

ibmtivoli_directory_serverMatch6.3.0.31

ibmtivoli_directory_serverMatch6.3.0.32

ibmtivoli_directory_serverMatch6.3.0.33

ibmtivoli_directory_serverMatch6.3.0.34

ibmtivoli_directory_serverMatch6.3.0.35

ibmtivoli_directory_serverMatch6.3.0.36

ibmtivoli_directory_serverMatch6.3.0.37

ibmtivoli_directory_serverMatch6.3.0.38

ibmtivoli_directory_serverMatch6.3.0.39

ibmtivoli_directory_serverMatch6.3.0.40

ibmtivoli_directory_serverMatch6.3.0.41

ibmtivoli_directory_serverMatch6.3.0.42

ibmtivoli_directory_serverMatch6.3.1.0

ibmtivoli_directory_serverMatch6.3.1.5

ibmtivoli_directory_serverMatch6.3.1.6

ibmtivoli_directory_serverMatch6.3.1.7

ibmtivoli_directory_serverMatch6.3.1.8

ibmtivoli_directory_serverMatch6.3.1.9

Node

ibmtivoli_directory_serverMatch6.1.0

ibmtivoli_directory_serverMatch6.1.0.0

ibmtivoli_directory_serverMatch6.1.0.1

ibmtivoli_directory_serverMatch6.1.0.2

ibmtivoli_directory_serverMatch6.1.0.3

ibmtivoli_directory_serverMatch6.1.0.4

ibmtivoli_directory_serverMatch6.1.0.5

ibmtivoli_directory_serverMatch6.1.0.6

ibmtivoli_directory_serverMatch6.1.0.7

ibmtivoli_directory_serverMatch6.1.0.8

ibmtivoli_directory_serverMatch6.1.0.9

ibmtivoli_directory_serverMatch6.1.0.10

ibmtivoli_directory_serverMatch6.1.0.11

ibmtivoli_directory_serverMatch6.1.0.12

ibmtivoli_directory_serverMatch6.1.0.13

ibmtivoli_directory_serverMatch6.1.0.14

ibmtivoli_directory_serverMatch6.1.0.15

ibmtivoli_directory_serverMatch6.1.0.17

ibmtivoli_directory_serverMatch6.1.0.18

ibmtivoli_directory_serverMatch6.1.0.19

ibmtivoli_directory_serverMatch6.1.0.20

ibmtivoli_directory_serverMatch6.1.0.21

ibmtivoli_directory_serverMatch6.1.0.22

ibmtivoli_directory_serverMatch6.1.0.23

ibmtivoli_directory_serverMatch6.1.0.24

ibmtivoli_directory_serverMatch6.1.0.25

ibmtivoli_directory_serverMatch6.1.0.26

ibmtivoli_directory_serverMatch6.1.0.27

ibmtivoli_directory_serverMatch6.1.0.28

ibmtivoli_directory_serverMatch6.1.0.29

ibmtivoli_directory_serverMatch6.1.0.30

ibmtivoli_directory_serverMatch6.1.0.31

ibmtivoli_directory_serverMatch6.1.0.32

ibmtivoli_directory_serverMatch6.1.0.33

ibmtivoli_directory_serverMatch6.1.0.34

ibmtivoli_directory_serverMatch6.1.0.35

ibmtivoli_directory_serverMatch6.1.0.36

ibmtivoli_directory_serverMatch6.1.0.37

ibmtivoli_directory_serverMatch6.1.0.38

ibmtivoli_directory_serverMatch6.1.0.39

ibmtivoli_directory_serverMatch6.1.0.40

ibmtivoli_directory_serverMatch6.1.0.41

ibmtivoli_directory_serverMatch6.1.0.42

ibmtivoli_directory_serverMatch6.1.0.43

ibmtivoli_directory_serverMatch6.1.0.44

ibmtivoli_directory_serverMatch6.1.0.45

ibmtivoli_directory_serverMatch6.1.0.46

ibmtivoli_directory_serverMatch6.1.0.47

ibmtivoli_directory_serverMatch6.1.0.48

ibmtivoli_directory_serverMatch6.1.0.49

ibmtivoli_directory_serverMatch6.1.0.50

ibmtivoli_directory_serverMatch6.1.0.51

ibmtivoli_directory_serverMatch6.1.0.52

ibmtivoli_directory_serverMatch6.1.0.53

ibmtivoli_directory_serverMatch6.1.0.54

ibmtivoli_directory_serverMatch6.1.0.55

ibmtivoli_directory_serverMatch6.1.0.56

ibmtivoli_directory_serverMatch6.1.0.57

ibmtivoli_directory_serverMatch6.1.0.58

ibmtivoli_directory_serverMatch6.1.0.59

ibmtivoli_directory_serverMatch6.1.0.60

ibmtivoli_directory_serverMatch6.1.0.61

ibmtivoli_directory_serverMatch6.1.0.62

ibmtivoli_directory_serverMatch6.1.0.63

ibmtivoli_directory_serverMatch6.1.0.64

ibmtivoli_directory_serverMatch6.1.0.65

ibmtivoli_directory_serverMatch6.1.0.66

ibmtivoli_directory_serverMatch6.1.0.67

ibmtivoli_directory_serverMatch6.1.0.68

ibmtivoli_directory_serverMatch6.1.0.69

ibmtivoli_directory_serverMatch6.1.0.70

ibmtivoli_directory_serverMatch6.1.0.71

ibmtivoli_directory_serverMatch6.1.0.72

ibmtivoli_directory_serverMatch6.1.0.73

Node

ibmsecurity_directory_serverMatch6.4.0

ibmsecurity_directory_serverMatch6.4.0.0

ibmsecurity_directory_serverMatch6.4.0.1

ibmsecurity_directory_serverMatch6.4.0.2

ibmsecurity_directory_serverMatch6.4.0.3

ibmsecurity_directory_serverMatch6.4.0.4

ibmsecurity_directory_serverMatch6.4.0.5

ibmsecurity_directory_serverMatch6.4.0.6

ibmsecurity_directory_serverMatch6.4.0.7

ibmsecurity_directory_serverMatch6.4.0.8

Node

ibmsecurity_directory_serverMatch6.3.1

ibmsecurity_directory_serverMatch6.3.1.0

ibmsecurity_directory_serverMatch6.3.1.1

ibmsecurity_directory_serverMatch6.3.1.2

ibmsecurity_directory_serverMatch6.3.1.3

ibmsecurity_directory_serverMatch6.3.1.4

ibmsecurity_directory_serverMatch6.3.1.5

ibmsecurity_directory_serverMatch6.3.1.6

ibmsecurity_directory_serverMatch6.3.1.7

ibmsecurity_directory_serverMatch6.3.1.8

ibmsecurity_directory_serverMatch6.3.1.9

ibmsecurity_directory_serverMatch6.3.1.10

ibmsecurity_directory_serverMatch6.3.1.11

ibmsecurity_directory_serverMatch6.3.1.12

ibmsecurity_directory_serverMatch6.3.1.13

ibmsecurity_directory_serverMatch6.3.1.14

ibmsecurity_directory_serverMatch6.3.1.15

ibmsecurity_directory_serverMatch6.3.1.16

ibmsecurity_directory_serverMatch6.3.1.17

VendorProductVersionCPE
ibmtivoli_directory_server6.2.0cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.1cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.2cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.3cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.4cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.5cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.6cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.7cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.8cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_directory_server	6.2.0	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:::::::*
ibm	tivoli_directory_server	6.2.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:::::::*
ibm	tivoli_directory_server	6.2.0.1	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:::::::*
ibm	tivoli_directory_server	6.2.0.2	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:::::::*
ibm	tivoli_directory_server	6.2.0.3	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:::::::*
ibm	tivoli_directory_server	6.2.0.4	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:::::::*
ibm	tivoli_directory_server	6.2.0.5	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:::::::*
ibm	tivoli_directory_server	6.2.0.6	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:::::::*
ibm	tivoli_directory_server	6.2.0.7	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:::::::*
ibm	tivoli_directory_server	6.2.0.8	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:::::::*

Rows per page:

1-10 of 1911

References

www-01.ibm.com/support/docview.wss?uid=swg21986452

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

Related for CVE-2015-1977