CVE-2015-1977

CVSS V2 Medium 5 CVSS V3 High 7.5

Description

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Overview

CVE ID
CVE-2015-1977

Assigner
psirt@us.ibm.com

Vulnerability Status
Analyzed

Published Version
2016-07-15T18:59:00

Last Modified Date
2016-07-18T18:22:30

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.43:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.44:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.45:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.46:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.47:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.48:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.49:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.36:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.37:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.38:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.39:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.40:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.41:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.42:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.67:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.68:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.69:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.70:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.71:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.72:::::::*	1	OR
cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.73:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.0:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.1:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.2:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.3:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.4:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.5:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.6:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.7:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.4.0.8:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.0:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.1:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.2:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.3:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.4:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.5:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.6:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.7:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.8:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.9:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.10:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.11:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.12:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.13:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.14:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.15:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.16:::::::*	1	OR
cpe:2.3:a:ibm:security_directory_server:6.3.1.17:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

CVSS Version 3

Version
3.0

Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NETWORK

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
NONE

Base Score
7.5

Base Severity
HIGH

Exploitability Score
3.9

Impact Score
3.6

References

Reference URL	Reference Tags
http://www-01.ibm.com/support/docview.wss?uid=swg21986452	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2015-1977
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1977

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:14:38				Added to TrackCVE
2022-12-02 10:24:58	2016-07-15T18:59Z	2016-07-15T18:59:00	CVE Published Date	updated
2022-12-02 10:24:58		2016-07-18T18:22:30	CVE Modified Date	updated
2022-12-02 10:24:58		Analyzed	Vulnerability Status	updated