Directory Traversal Vulnerability in SurgeLDAP by SurgeWorks
CVE-2004-2253

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgeldap
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2253?

A directory traversal vulnerability exists in the user.cgi script of SurgeLDAP 1.0g and earlier. This flaw allows remote attackers to manipulate the page parameter in the show command, enabling them to access arbitrary files on the system by using the '..' (dot-dot) notation. Such exploitation could lead to unauthorized access to sensitive information and system files, posing a significant risk to the security of affected installations.

References

http://www.securityfocus.com/bid/10103

vdb-entryx_refsource_BID

http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt

x_refsource_MISC

http://secunia.com/advisories/11343

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jul 17, 2005
Vulnerability published
Dec 31, 2004

Netwin

What is CVE-2004-2253?

References

Timeline