Required CVE Record Information
Description
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
References 7 Total
- securitytracker.com: 1010113 vdb-entry
- exchange.xforce.ibmcloud.com: surgeldap-admin-auth-bypass(16076) vdb-entry
- securitytracker.com: 1010068 vdb-entry
- http://netwinsite.com/surgeldap/updates.htm
- secunia.com: 11549 third-party-advisory
- securityfocus.com: 10294 vdb-entry
- osvdb.org: 5890 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- securitytracker.com: 1010113 vdb-entry x_transferred
- exchange.xforce.ibmcloud.com: surgeldap-admin-auth-bypass(16076) vdb-entry x_transferred
- securitytracker.com: 1010068 vdb-entry x_transferred
- http://netwinsite.com/surgeldap/updates.htm x_transferred
- secunia.com: 11549 third-party-advisory x_transferred
- securityfocus.com: 10294 vdb-entry x_transferred
- osvdb.org: 5890 vdb-entry x_transferred