Summary
There is a vulnerability in the current version of SurgeLDAP that allows an attacker to retrieve arbitrary files from the webserver that reside outside the bounding HTML root directory.
Severity
Classification
-
CVE CVE-2004-2253 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Aardvark Topsites Multiple Vulnerabilities