
Test ID: 1.3.6.1.4.1.25623.1.0.802224
Category: General
Title: IBM Tivoli Directory Server Multiple Vulnerabilities
Summary: The host is running IBM Tivoli Directory Server and is prone to multiple vulnerabilities.
Description:
Summary:
The host is running IBM Tivoli Directory Server and is prone
to multiple vulnerabilities.

Vulnerability Insight:
- IDSWebApp in the Web Administration Tool does not restrict access to LDAP
Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.

- The login page of IDSWebApp in the Web Administration Tool does not set
the autocomplete attribute to off for authentication fields, which makes it
easier for remote attackers to obtain access by leveraging an unattended workstation.

Vulnerability Impact:
Successful exploitation will allow attackers to obtain sensitive information
that may aid in further attacks.

Affected Software/OS:
IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004

Solution:
Apply cumulative interim fix 6.2.0.3-TIV-ITDS-IF0004.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 48512
Common Vulnerability Exposure (CVE) ID: CVE-2011-2758
AIX APAR: IO14060
http://www.ibm.com/support/docview.wss?uid=swg1IO14060
http://www.securityfocus.com/bid/48512
http://secunia.com/advisories/45107
Common Vulnerability Exposure (CVE) ID: CVE-2011-2759
AIX APAR: IO14165
http://www.ibm.com/support/docview.wss?uid=swg1IO14165
XForce ISS Database: ibm-tds-idswebapp-info-disc(68585)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68585
Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.