CVE-2015-1977

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21986452	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.49:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.48:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.47:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.44:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.46:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.45:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.43:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.41:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.39:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.38:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.40:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.42:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.36:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.37:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.72:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.71:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.70:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.69:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.67:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.73:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.68:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:::::::*
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:ibm:security_directory_server:6.4.0.2:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.0:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.7:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.6:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.5:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.4:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.3:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.8:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0.1:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.4.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:ibm:security_directory_server:6.3.1.17:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.16:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.15:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.3:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.2:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.1:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.10:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.12:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.0:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.5:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.9:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.7:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.11:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.6:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.13:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.8:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.4:::::::*
	cpe:2.3:a:ibm:security_directory_server:6.3.1.14:::::::*

Information

Published : 2016-07-15 11:59

Updated : 2016-07-18 11:22

NVD link : CVE-2015-1977

Mitre link : CVE-2015-1977

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

ibm

tivoli_directory_server
security_directory_server

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2015-1977

7.5^/10

5.0^/10

Attach tags to `CVE-2015-1977`