CVE-2004-2253 Information

Description

Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.

Reference

http://members.lycos.co.uk/r34ct/main/SurgeLDAP201.0g.txt http://secunia.com/advisories/11343 http://www.securityfocus.com/bid/10103 https://exchange.xforce.ibmcloud.com/vulnerabilities/15851