Remote Information Disclosure in IBM Director by IBM
CVE-2006-4683

Currently unrated

Key Information:

Vendor: IBM
Status: Director
Vendor: CVE Published:; 11 September 2006

Summary

IBM Director versions prior to 5.10 are vulnerable to an information disclosure issue that allows remote attackers to exploit the system via the HTTP TRACE method. This capability can enable adversaries to extract sensitive information contained in HTTP headers, potentially leading to unauthorized access or further exploitation of the system. It is crucial for users and administrators to disable the HTTP TRACE method as a preventive measure and apply any relevant security updates provided by IBM.

References

ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5....

vendor-advisoryx_refsource_AIXAPAR

http://www.vupen.com/english/advisories/2006/3532

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/21802

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 11, 2006
Vulnerability Reserved
Sep 11, 2006