Directory Traversal Vulnerability in Tivoli Access Manager Web Server Plug-in
CVE-2006-0513

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Access Manager For E-business
Vendor: CVE Published:; 6 February 2006

Summary

A directory traversal vulnerability exists in the Tivoli Access Manager Web Server Plug-in version 5.1.0.10, allowing remote attackers to exploit improper validation of user-supplied input. This flaw can enable the unauthorized reading of arbitrary files on the server by manipulating the filename parameter with directory traversal sequences, such as '..'. If successfully exploited, this could lead to unauthorized access to sensitive information stored within the file system.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-F...

mailing-listx_refsource_FULLDISC

http://www-1.ibm.com/support/docview.wss?uid=swg24011562

vendor-advisoryx_refsource_AIXAPAR

http://www.vupen.com/english/advisories/2006/0442

vdb-entryx_refsource_VUPEN

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 6, 2006
Vulnerability Reserved
Feb 2, 2006