CVE-2004-2254

N/A Unknown

Published: December 31, 2004 Modified: April 16, 2026

Description

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://netwinsite.com/surgeldap/updates.htm

Source: cve@mitre.org

Patch

http://secunia.com/advisories/11549

Source: cve@mitre.org

Exploit Vendor Advisory

http://securitytracker.com/alerts/2004/May/1010113.html

Source: cve@mitre.org

Exploit Patch

http://securitytracker.com/id?1010068

Source: cve@mitre.org

Exploit

http://www.osvdb.org/5890

Source: cve@mitre.org

Exploit Patch

http://www.securityfocus.com/bid/10294

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/16076

Source: cve@mitre.org

http://netwinsite.com/surgeldap/updates.htm