SurgeLDAP 1.0 d - Full Path Disclosure

EDB-ID:

23024

CVE:

N/A

Author:

Ziv Kamir

Type:

remote

Platform:

Multiple

Published:

2003-08-13

source: http://www.securityfocus.com/bid/8406/info

SurgeLDAP is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing an HTTP GET request for an invalid resource.

This issue exists in the web server component of SurgeLDAP.

http://www.example.com:6680/aaa.html