Unauthenticated Access to LDAP Server Log Files in IBM Tivoli Directory Server

Unauthenticated Access to LDAP Server Log Files in IBM Tivoli Directory Server

CVE-2011-2758 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.

Learn more about our Cis Benchmark Audit For Ibm I.