https://www.exploit-db.com/exploits/24094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-335

SurgeLDAP是一款高级易管理的高性能的LDAPv3服务器。SurgeLDAPWeb管理应用程序验证实现存在问题，远程攻击者可以利用这个漏洞未授权访问管理程序，可修改LDAP数据库记录，破坏数据，使服务器崩溃等。目前没有详细漏洞细节提供。

source: http://www.securityfocus.com/bid/10294/info

SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. 

It has been reported that the SurgeLDAP web administration application is prone to an authentication bypass vulnerability, possibly allowing remote attackers manager access.

Once administration access is granted, it may be possible for an attacker to modify records in the LDAP database, destroy data, crash the server, or possibly further attacks on other services utilizing SurgeLDAP for it's authentication data.

http://www.example.com/admin.cgi?cmd=show&page=main.tpl&utoken=manager

来源:OSVDB
名称:5890
链接:http://www.osvdb.org/5890
来源:SECTRACK
名称:1010113
链接:http://securitytracker.com/alerts/2004/May/1010113.html
来源:netwinsite.com
链接:http://netwinsite.com/surgeldap/updates.htm
来源:XF
名称:surgeldap-admin-auth-bypass(16076)
链接:http://xforce.iss.net/xforce/xfdb/16076
来源:BID
名称:10294
链接:http://www.securityfocus.com/bid/10294
来源:SECTRACK
名称:1010068
链接:http://securitytracker.com/id?1010068
来源:SECUNIA
名称:11549
链接:http://secunia.com/advisories/11549
来源：NSFOCUS
名称：6414
链接：http://www.nsfocus.net/vulndb/6414