Vulnerabilities > CVE-2004-2254 - Unspecified vulnerability in Netwin Surgeldap
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN netwin
exploit available
Summary
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Exploit-Db
| description | SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability. CVE-2004-2254. Webapps exploit for cgi platform |
| id | EDB-ID:24094 |
| last seen | 2016-02-02 |
| modified | 2004-05-05 |
| published | 2004-05-05 |
| reporter | GSS IT |
| source | https://www.exploit-db.com/download/24094/ |
| title | SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability |
References
- http://netwinsite.com/surgeldap/updates.htm
- http://netwinsite.com/surgeldap/updates.htm
- http://secunia.com/advisories/11549
- http://secunia.com/advisories/11549
- http://securitytracker.com/alerts/2004/May/1010113.html
- http://securitytracker.com/alerts/2004/May/1010113.html
- http://securitytracker.com/id?1010068
- http://securitytracker.com/id?1010068
- http://www.osvdb.org/5890
- http://www.osvdb.org/5890
- http://www.securityfocus.com/bid/10294
- http://www.securityfocus.com/bid/10294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16076