SurgeLDAP.User.CGI.XSS
Description
This indicates an attempt to exploit one of several vulnerabilities in NetWin SurgeLDAP.
SurgeLDAP contains a cross-site scripting vulnerability: hostile HTML and web scripts that an attacker supplies to a user can be executed on the system.
If SurgeLDAP is supplied with an overly long HTML request, the server can crash, leading to a denial of service.
SurgeLDAP stores passwords in a plaintext file. Any user with local access to the machine can therefore view the passwords for all users.
Affected Products
NetWin SurgeLDAP 1.0 d
Impact
Denial of Service.
System compromise: remote code execution.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-02 | 16.972 |