CVE-2004-2526

Name of the Vulnerable Software and Affected Versions IBM Tivoli Directory Server versions 4.1 and earlier

Description A directory traversal issue exists, allowing remote attackers to view arbitrary files by utilizing a .. (dot dot) in the Template parameter.

Recommendations For IBM Tivoli Directory Server versions 4.1 and earlier, consider restricting access to the ldacgi.exe until a patch is available. Avoid using the Template parameter with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.