CVE-2015-1977

Published: Jul 15, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Affected (191)

Products: Ibm: Tivoli Directory Server, Security Directory Server

Ibm

2 products

Tivoli Directory Server

Security Directory Server

Configuration A

46 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Directory Server	Version 6.2.0.0
Ibm Tivoli Directory Server	Version 6.2.0.10
Ibm Tivoli Directory Server	Version 6.2.0.11
Ibm Tivoli Directory Server	Version 6.2.0.12
Ibm Tivoli Directory Server	Version 6.2.0.13
Ibm Tivoli Directory Server	Version 6.2.0.14
Ibm Tivoli Directory Server	Version 6.2.0.15
Ibm Tivoli Directory Server	Version 6.2.0.19
Ibm Tivoli Directory Server	Version 6.2.0.1
Ibm Tivoli Directory Server	Version 6.2.0.20
Ibm Tivoli Directory Server	Version 6.2.0.21
Ibm Tivoli Directory Server	Version 6.2.0.22
Ibm Tivoli Directory Server	Version 6.2.0.23
Ibm Tivoli Directory Server	Version 6.2.0.24
Ibm Tivoli Directory Server	Version 6.2.0.25
Ibm Tivoli Directory Server	Version 6.2.0.26
Ibm Tivoli Directory Server	Version 6.2.0.27
Ibm Tivoli Directory Server	Version 6.2.0.29
Ibm Tivoli Directory Server	Version 6.2.0.2
Ibm Tivoli Directory Server	Version 6.2.0.30
Ibm Tivoli Directory Server	Version 6.2.0.31
Ibm Tivoli Directory Server	Version 6.2.0.32
Ibm Tivoli Directory Server	Version 6.2.0.33
Ibm Tivoli Directory Server	Version 6.2.0.34
Ibm Tivoli Directory Server	Version 6.2.0.35
Ibm Tivoli Directory Server	Version 6.2.0.36
Ibm Tivoli Directory Server	Version 6.2.0.37
Ibm Tivoli Directory Server	Version 6.2.0.38
Ibm Tivoli Directory Server	Version 6.2.0.39
Ibm Tivoli Directory Server	Version 6.2.0.3
Ibm Tivoli Directory Server	Version 6.2.0.40
Ibm Tivoli Directory Server	Version 6.2.0.41
Ibm Tivoli Directory Server	Version 6.2.0.42
Ibm Tivoli Directory Server	Version 6.2.0.43
Ibm Tivoli Directory Server	Version 6.2.0.44
Ibm Tivoli Directory Server	Version 6.2.0.45
Ibm Tivoli Directory Server	Version 6.2.0.46
Ibm Tivoli Directory Server	Version 6.2.0.47
Ibm Tivoli Directory Server	Version 6.2.0.48
Ibm Tivoli Directory Server	Version 6.2.0.49
Ibm Tivoli Directory Server	Version 6.2.0.4
Ibm Tivoli Directory Server	Version 6.2.0.5
Ibm Tivoli Directory Server	Version 6.2.0.6
Ibm Tivoli Directory Server	Version 6.2.0.7
Ibm Tivoli Directory Server	Version 6.2.0.8
Ibm Tivoli Directory Server	Version 6.2.0

Configuration B

42 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Directory Server	Version 6.3.0.0
Ibm Tivoli Directory Server	Version 6.3.0.10
Ibm Tivoli Directory Server	Version 6.3.0.11
Ibm Tivoli Directory Server	Version 6.3.0.12
Ibm Tivoli Directory Server	Version 6.3.0.14
Ibm Tivoli Directory Server	Version 6.3.0.15
Ibm Tivoli Directory Server	Version 6.3.0.17
Ibm Tivoli Directory Server	Version 6.3.0.18
Ibm Tivoli Directory Server	Version 6.3.0.19
Ibm Tivoli Directory Server	Version 6.3.0.1
Ibm Tivoli Directory Server	Version 6.3.0.21
Ibm Tivoli Directory Server	Version 6.3.0.22
Ibm Tivoli Directory Server	Version 6.3.0.23
Ibm Tivoli Directory Server	Version 6.3.0.24
Ibm Tivoli Directory Server	Version 6.3.0.25
Ibm Tivoli Directory Server	Version 6.3.0.26
Ibm Tivoli Directory Server	Version 6.3.0.27
Ibm Tivoli Directory Server	Version 6.3.0.28
Ibm Tivoli Directory Server	Version 6.3.0.29
Ibm Tivoli Directory Server	Version 6.3.0.2
Ibm Tivoli Directory Server	Version 6.3.0.30
Ibm Tivoli Directory Server	Version 6.3.0.31
Ibm Tivoli Directory Server	Version 6.3.0.32
Ibm Tivoli Directory Server	Version 6.3.0.33
Ibm Tivoli Directory Server	Version 6.3.0.34
Ibm Tivoli Directory Server	Version 6.3.0.35
Ibm Tivoli Directory Server	Version 6.3.0.36
Ibm Tivoli Directory Server	Version 6.3.0.37
Ibm Tivoli Directory Server	Version 6.3.0.38
Ibm Tivoli Directory Server	Version 6.3.0.39
Ibm Tivoli Directory Server	Version 6.3.0.40
Ibm Tivoli Directory Server	Version 6.3.0.41
Ibm Tivoli Directory Server	Version 6.3.0.42
Ibm Tivoli Directory Server	Version 6.3.0.8
Ibm Tivoli Directory Server	Version 6.3.0.9
Ibm Tivoli Directory Server	Version 6.3.0
Ibm Tivoli Directory Server	Version 6.3.1.0
Ibm Tivoli Directory Server	Version 6.3.1.5
Ibm Tivoli Directory Server	Version 6.3.1.6
Ibm Tivoli Directory Server	Version 6.3.1.7
Ibm Tivoli Directory Server	Version 6.3.1.8
Ibm Tivoli Directory Server	Version 6.3.1.9

Configuration C

74 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Directory Server	Version 6.1.0.0
Ibm Tivoli Directory Server	Version 6.1.0.10
Ibm Tivoli Directory Server	Version 6.1.0.11
Ibm Tivoli Directory Server	Version 6.1.0.12
Ibm Tivoli Directory Server	Version 6.1.0.13
Ibm Tivoli Directory Server	Version 6.1.0.14
Ibm Tivoli Directory Server	Version 6.1.0.15
Ibm Tivoli Directory Server	Version 6.1.0.17
Ibm Tivoli Directory Server	Version 6.1.0.18
Ibm Tivoli Directory Server	Version 6.1.0.19
Ibm Tivoli Directory Server	Version 6.1.0.1
Ibm Tivoli Directory Server	Version 6.1.0.20
Ibm Tivoli Directory Server	Version 6.1.0.21
Ibm Tivoli Directory Server	Version 6.1.0.22
Ibm Tivoli Directory Server	Version 6.1.0.23
Ibm Tivoli Directory Server	Version 6.1.0.24
Ibm Tivoli Directory Server	Version 6.1.0.25
Ibm Tivoli Directory Server	Version 6.1.0.26
Ibm Tivoli Directory Server	Version 6.1.0.27
Ibm Tivoli Directory Server	Version 6.1.0.28
Ibm Tivoli Directory Server	Version 6.1.0.29
Ibm Tivoli Directory Server	Version 6.1.0.2
Ibm Tivoli Directory Server	Version 6.1.0.30
Ibm Tivoli Directory Server	Version 6.1.0.31
Ibm Tivoli Directory Server	Version 6.1.0.32
Ibm Tivoli Directory Server	Version 6.1.0.33
Ibm Tivoli Directory Server	Version 6.1.0.34
Ibm Tivoli Directory Server	Version 6.1.0.35
Ibm Tivoli Directory Server	Version 6.1.0.36
Ibm Tivoli Directory Server	Version 6.1.0.37
Ibm Tivoli Directory Server	Version 6.1.0.38
Ibm Tivoli Directory Server	Version 6.1.0.39
Ibm Tivoli Directory Server	Version 6.1.0.3
Ibm Tivoli Directory Server	Version 6.1.0.40
Ibm Tivoli Directory Server	Version 6.1.0.41
Ibm Tivoli Directory Server	Version 6.1.0.42
Ibm Tivoli Directory Server	Version 6.1.0.43
Ibm Tivoli Directory Server	Version 6.1.0.44
Ibm Tivoli Directory Server	Version 6.1.0.45
Ibm Tivoli Directory Server	Version 6.1.0.46
Ibm Tivoli Directory Server	Version 6.1.0.47
Ibm Tivoli Directory Server	Version 6.1.0.48
Ibm Tivoli Directory Server	Version 6.1.0.49
Ibm Tivoli Directory Server	Version 6.1.0.4
Ibm Tivoli Directory Server	Version 6.1.0.50
Ibm Tivoli Directory Server	Version 6.1.0.51
Ibm Tivoli Directory Server	Version 6.1.0.52
Ibm Tivoli Directory Server	Version 6.1.0.53
Ibm Tivoli Directory Server	Version 6.1.0.54
Ibm Tivoli Directory Server	Version 6.1.0.55
Ibm Tivoli Directory Server	Version 6.1.0.56
Ibm Tivoli Directory Server	Version 6.1.0.57
Ibm Tivoli Directory Server	Version 6.1.0.58
Ibm Tivoli Directory Server	Version 6.1.0.59
Ibm Tivoli Directory Server	Version 6.1.0.5
Ibm Tivoli Directory Server	Version 6.1.0.60
Ibm Tivoli Directory Server	Version 6.1.0.61
Ibm Tivoli Directory Server	Version 6.1.0.62
Ibm Tivoli Directory Server	Version 6.1.0.63
Ibm Tivoli Directory Server	Version 6.1.0.64
Ibm Tivoli Directory Server	Version 6.1.0.65
Ibm Tivoli Directory Server	Version 6.1.0.66
Ibm Tivoli Directory Server	Version 6.1.0.67
Ibm Tivoli Directory Server	Version 6.1.0.68
Ibm Tivoli Directory Server	Version 6.1.0.69
Ibm Tivoli Directory Server	Version 6.1.0.6
Ibm Tivoli Directory Server	Version 6.1.0.70
Ibm Tivoli Directory Server	Version 6.1.0.71
Ibm Tivoli Directory Server	Version 6.1.0.72
Ibm Tivoli Directory Server	Version 6.1.0.73
Ibm Tivoli Directory Server	Version 6.1.0.7
Ibm Tivoli Directory Server	Version 6.1.0.8
Ibm Tivoli Directory Server	Version 6.1.0.9
Ibm Tivoli Directory Server	Version 6.1.0

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Directory Server	Version 6.4.0.0
Ibm Security Directory Server	Version 6.4.0.1
Ibm Security Directory Server	Version 6.4.0.2
Ibm Security Directory Server	Version 6.4.0.3
Ibm Security Directory Server	Version 6.4.0.4
Ibm Security Directory Server	Version 6.4.0.5
Ibm Security Directory Server	Version 6.4.0.6
Ibm Security Directory Server	Version 6.4.0.7
Ibm Security Directory Server	Version 6.4.0.8
Ibm Security Directory Server	Version 6.4.0

Configuration E

19 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Directory Server	Version 6.3.1.0
Ibm Security Directory Server	Version 6.3.1.10
Ibm Security Directory Server	Version 6.3.1.11
Ibm Security Directory Server	Version 6.3.1.12
Ibm Security Directory Server	Version 6.3.1.13
Ibm Security Directory Server	Version 6.3.1.14
Ibm Security Directory Server	Version 6.3.1.15
Ibm Security Directory Server	Version 6.3.1.16
Ibm Security Directory Server	Version 6.3.1.17
Ibm Security Directory Server	Version 6.3.1.1
Ibm Security Directory Server	Version 6.3.1.2
Ibm Security Directory Server	Version 6.3.1.3
Ibm Security Directory Server	Version 6.3.1.4
Ibm Security Directory Server	Version 6.3.1.5
Ibm Security Directory Server	Version 6.3.1.6
Ibm Security Directory Server	Version 6.3.1.7
Ibm Security Directory Server	Version 6.3.1.8
Ibm Security Directory Server	Version 6.3.1.9
Ibm Security Directory Server	Version 6.3.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21986452

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21986452

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.