SurgeLDAP.User.CGI.XSS

Description

This indicates an attempt to exploit one of several vulnerabilities in NetWin SurgeLDAP.
SurgeLDAP contains a cross-site scripting vulnerability: if an attacker supplies hostile HTML and web scripts to a user, they can be executed on the system.
If SurgeLDAP is supplied an overly long HTML request, it can cause the server to crash, leading to a denial of service.
SurgeLDAP stores passwords in a plaintext file. Any user with local access to the machine can therefore view the passwords for all users.

Affected Products

NetWin SurgeLDAP 1.0 d

Impact

Denial of Service.
System compromise: remote code execution.

Recommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-02 16.972