SurgeLDAP.HTTP.GET.DoS
Description
This indicates an attack attempt against a denial-of-service vulnerability in SurgeLDAP.
The vulnerability is due to an error when the vulnerable software handles an overly long HTTP GET request. An attacker may exploit this to cause the server to crash, leading to a denial of service.
SurgeLDAP stores passwords in a plaintext file. Any user with local access to the machine can therefore view the passwords for all users.
Affected Products
NetWin SurgeLDAP 1.0 d
Impact
Denial of service
System compromise: remote code execution.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-02 | 16.972 |