PT-2006-1578 · IBM · Tivoli Web Server Plug-In

Timothy D. Morgan · Published 2006-02-06 · Updated 2018-10-19 · CVE-2006-0513

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tivoli Access Manager (TAM) version 5.1

Description

A directory traversal issue exists in the Tivoli Web Server Plug-in, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the filename parameter.

Recommendations

For Tivoli Access Manager (TAM) version 5.1, consider restricting access to the pkmslogout function in the Tivoli Web Server Plug-in until a patch is available. Avoid using the filename parameter with untrusted input to minimize the risk of exploitation.


Related Identifiers

CVE-2006-0513

Affected Products

Tivoli Access Manager
Tivoli Web Server Plug-In