Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2526

Description

Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.

Affected products

IBM/Tivoli Directory Server2 versions
cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*range: <=4.1
- cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.htmlnvdExploit
secunia.com/advisories/10347nvdExploitPatchVendor Advisory
securitytracker.com/idnvdExploitPatchVendor Advisory
www.oliverkarow.de/research/IDS_directory_traversal.txtnvdExploitPatchVendor Advisory
www.osvdb.org/8367nvdExploitPatchVendor Advisory
www.securityfocus.com/bid/10841nvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/16850nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000