Vulnerabilities > CVE-2004-2526 - Directory Traversal vulnerability in IBM Tivoli Directory Server LDACGI
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | IBM Tivoli Directory Server 3.2.2/4.1 LDACGI Directory Traversal Vulnerability. CVE-2004-2526. Remote exploit for windows platform |
| id | EDB-ID:24345 |
| last seen | 2016-02-02 |
| modified | 2004-08-02 |
| published | 2004-08-02 |
| reporter | anonymous |
| source | https://www.exploit-db.com/download/24345/ |
| title | IBM Tivoli Directory Server 3.2.2/4.1 LDACGI Directory Traversal Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | TIVOLI_LDACGI_TRAVERSAL.NASL |
| description | The remote host is running IBM Tivoli |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14191 |
| published | 2004-08-02 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14191 |
| title | Tivoli Directory Server ldacgi.exe Template Parameter Traversal Arbitrary File Access |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html
- http://secunia.com/advisories/10347
- http://securitytracker.com/id?1010834
- http://www.oliverkarow.de/research/IDS_directory_traversal.txt
- http://www.osvdb.org/8367
- http://www.securityfocus.com/bid/10841
- http://www-1.ibm.com/support/docview.wss?uid=isg1IR52692
- http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16850