Summary
The host is running IBM Tivoli Directory Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks.
Impact Level: Application
Solution
Apply cumulative interim fix 6.2.0.3-TIV-ITDS-IF0004, https://www-304.ibm.com/support/docview.wss?uid=swg24030320
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
- IDSWebApp in the Web Administration Tool does not restrict access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.
- The login page of IDSWebApp in the Web Administration Tool does not set the autocomplete attribute to off for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Affected
IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2011-2758, CVE-2011-2759
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Remote Desktop Information Disclosure Vulnerability
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)