CVE-2015-1977

HIGH

IBM Tivoli Directory Server - Information Disclosure

Title source: rule
STIX 2.1

Description

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21986452

Scores

CVSS v3 7.5
EPSS 0.0168
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (50)
ibm/security_directory_server 6.4.0
ibm/security_directory_server 6.4.0.0
ibm/security_directory_server 6.4.0.1
ibm/security_directory_server 6.4.0.2
ibm/security_directory_server 6.4.0.3
ibm/security_directory_server 6.4.0.4
ibm/security_directory_server 6.4.0.5
ibm/security_directory_server 6.4.0.6
ibm/security_directory_server 6.4.0.7
ibm/security_directory_server 6.4.0.8
... and 40 more
Published Jul 15, 2016
Tracked Since Feb 18, 2026