IBM Security/Tivoli Directory Server Directory Traversal Vulnerability


Description   A directory traversal vulnerability was reported in the Web Administration tool in IBM Security/Tivoli Directory Server. A remote attacker could exploit it by using specially crafted URLs with dot characters (/../) in order to read arbitrary files. No further information is available.
     
Vulnerable Products   Vulnerable Software:
Security Directory Server (Tivoli Directory Server) (IBM) - 6.1, 6.1.0.74, 6.2, 6.2.0.50, 6.3, 6.3.0.43, 6.3.1, 6.3.1.18, 6.4, 6.4.0.9
     
Solution   - 6.4: 6.4.0.9-ISS-ISDS-IF0009.
     
CVE   CVE-2015-1977
     
References   - IBM : A security vulnerability has been identified in IBM Tivoli / Security Directory Server
http://www-01.ibm.com/support/docview.wss?uid=swg21986452
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm (Available Since):
- Misc : Directory traversal - parameter starting with ../ (3.2.0)
- Directory traversal using ..\.. (3.2.0)
- Directory traversal (3.2.0)
- Directory traversal backward root folder (3.2.0)
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-07-08

Target Type   Server

Possible exploit   Remote