CVE-2015-1972

IBM Tivoli Security Directory Server 6.0-6.4 - Exposure of Sensitive Information via Crafted POST Request

Title source: llm
STIX 2.1

Description

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032734
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21960659
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75441

Scores

EPSS 0.0222
EPSS Percentile 80.5%

Details

CWE
CWE-200
Status published
Products (6)
ibm/tivoli_directory_server 6.0
ibm/tivoli_directory_server 6.1.0
ibm/tivoli_directory_server 6.2.0.0
ibm/tivoli_directory_server 6.3.0.0
ibm/tivoli_directory_server 6.3.1.0
ibm/tivoli_directory_server 6.4.0
Published Jun 28, 2015
Tracked Since Feb 18, 2026