Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2526 — Path Traversal in IBM Tivoli Directory Server

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

6.2%

top 9.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Tivoli Directory Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_directory_server4.1+1

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-26r4-3m3w-c772: Directory traversal vulnerability in ldacgi↗2022-04-29

▶

CVEList

CVE-2004-2526: Directory traversal vulnerability in ldacgi↗2005-10-25

▶

💥Exploits & PoCs

Exploit-DB

IBM Tivoli Directory Server 3.2.2/4.1 - LDACGI Directory Traversal↗2004-08-02

▶