PT-2002-1807 · Injoin · Injoin Directory Server

Published: 2002-07-26 · Updated: 2008-09-05 · CVE-2002-0786
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: inJoin Directory Server version 4.0
Description: The issue allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. This could potentially lead to unauthorized access to sensitive information.
Recommendations: For inJoin Directory Server version 4.0, consider restricting access to the LOG parameter to prevent arbitrary file reading until a patch is available. As a temporary workaround, limit the privileges of inJoin administrators to minimize the risk of exploitation.

Related Identifiers: CVE-2002-0786
Affected Products: Injoin Directory Server