
CVE-2004-2254

Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SurgeLDAP 1.0g (Build 12), and possibly other versions prior to 1.0h, allows remote malicious users to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

Vulnerable Product

netwin surgeldap 1.0a

netwin surgeldap 1.0e

netwin surgeldap 1.0f

netwin surgeldap 1.0b

netwin surgeldap 1.0d

netwin surgeldap 1.0g

Exploits

source: www.securityfocus.com/bid/10294/info

SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been reported that the SurgeLDAP web administration application is prone to an authentication bypass vulnerability ...