Lucene search
HistoryDec 31, 2004 - 5:00 a.m.
CVE-2004-2254
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.037
Percentile
91.8%
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Affected configurations
Node
netwinsurgeldapMatch1.0a
ORnetwinsurgeldapMatch1.0b
ORnetwinsurgeldapMatch1.0d
ORnetwinsurgeldapMatch1.0e
ORnetwinsurgeldapMatch1.0f
ORnetwinsurgeldapMatch1.0g
| Vendor | Product | Version | CPE |
|---|---|---|---|
| netwin | surgeldap | 1.0a | cpe:2.3:a:netwin:surgeldap:1.0a:*:*:*:*:*:*:* |
| netwin | surgeldap | 1.0b | cpe:2.3:a:netwin:surgeldap:1.0b:*:*:*:*:*:*:* |
| netwin | surgeldap | 1.0d | cpe:2.3:a:netwin:surgeldap:1.0d:*:*:*:*:*:*:* |
| netwin | surgeldap | 1.0e | cpe:2.3:a:netwin:surgeldap:1.0e:*:*:*:*:*:*:* |
| netwin | surgeldap | 1.0f | cpe:2.3:a:netwin:surgeldap:1.0f:*:*:*:*:*:*:* |
| netwin | surgeldap | 1.0g | cpe:2.3:a:netwin:surgeldap:1.0g:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2004-2254
2005-07-17 04:00:00
cve
cve
CVE-2004-2254
2005-07-17 04:00:00
exploitdb
exploitdb
SurgeLDAP 1.0 - Web Administration Authentication Bypass
2004-05-05 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.037
Percentile
91.8%
Related for NVD:CVE-2004-2254