SurgeLDAP 1.0 d - Full Path Disclosure

Author: Ziv Kamir
type: remote
platform: multiple
port: 
date_added: 2003-08-13 
date_updated: 2012-11-30 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/8406/info

SurgeLDAP is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing an HTTP GET request for an invalid resource.

This issue exists in the web server component of SurgeLDAP.

http://www.example.com:6680/aaa.html