PT-2016-3590 · IBM · IBM Security Directory Server+1

Published: 2016-07-15 · Updated: 2016-07-18 · CVE-2015-1977

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Tivoli Directory Server (ITDS) versions 6.1.0 before 6.1.0.74-ISS-ISDS-IF0074
IBM Tivoli Directory Server (ITDS) versions 6.2.x before 6.2.0.50-ISS-ISDS-IF0050
IBM Tivoli Directory Server (ITDS) versions 6.3.x before 6.3.0.43-ISS-ISDS-IF0043
IBM Security Directory Server (ISDS) versions 6.3.1 before 6.3.1.18-ISS-ISDS-IF0018
IBM Security Directory Server (ISDS) versions 6.4.x before 6.4.0.9-ISS-ISDS-IF0009

Description

A directory traversal vulnerability exists in the Web Administration tool of IBM Tivoli Directory Server (ITDS) and IBM Security Directory Server (ISDS). This issue allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Recommendations

For IBM Tivoli Directory Server (ITDS) versions 6.1.0 before 6.1.0.74-ISS-ISDS-IF0074, update to version 6.1.0.74-ISS-ISDS-IF0074 or later.
For IBM Tivoli Directory Server (ITDS) versions 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, update to version 6.2.0.50-ISS-ISDS-IF0050 or later.
For IBM Tivoli Directory Server (ITDS) versions 6.3.x before 6.3.0.43-ISS-ISDS-IF0043, update to version 6.3.0.43-ISS-ISDS-IF0043 or later.
For IBM Security Directory Server (ISDS) versions 6.3.1 before 6.3.1.18-ISS-ISDS-IF0018, update to version 6.3.1.18-ISS-ISDS-IF0018 or later.
For IBM Security Directory Server (ISDS) versions 6.4.x before 6.4.0.9-ISS-ISDS-IF0009, update to version 6.4.0.9-ISS-ISDS-IF0009 or later.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2015-1977

Affected Products

IBM Security Directory Server
IBM Tivoli Directory Server