SurgeLDAP 1.0 d - Full Path Disclosure

Author: Ziv Kamir
type: remote
platform: multiple
port: 
date_added: 2003-08-13  
date_updated: 2012-11-30  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 23024.txt  

source: https://www.securityfocus.com/bid/8406/info

SurgeLDAP is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing an HTTP GET request for an invalid resource.

This issue exists in the web server component of SurgeLDAP.

http://www.example.com:6680/aaa.html