VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published Jul 15, 2016· Updated May 6, 2026

CVE-2015-1977

CVE-2015-1977

Description

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Affected products

191
  • IBM/Tivoli Directory Server162 versions
    cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*+ 161 more
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.43:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.44:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.45:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.46:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.47:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.48:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.49:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.68:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.69:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.42:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.67:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.70:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.71:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.72:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.73:*:*:*:*:*:*:*
  • IBM/Security Directory Server29 versions
    cpe:2.3:a:ibm:security_directory_server:6.4.0.5:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_directory_server:6.3.1.17:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.