V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information

October 26, 2012 - 6:00am

PROBLEM:

IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information

PLATFORM:

Software version: 6.2.3, 6.2.3.1

ABSTRACT:

A vulnerability was reported in IBM Tivoli Monitoring.

REFERENCE LINKS:

IBM Support Document: 1614003
IBM Support Portal
SecurityTracker Alert ID: 1027692

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user may be able to conduct HTTP TRACE and HTTP TRACK attacks to access sensitive information from the HTTP headers.

IMPACT:

A remote user can obtain potentially sensitive information.

SOLUTION:

The vendor has issued a fix (APAR IV23864).