V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information

October 26, 2012 - 6:00am

PROBLEM:

IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information

PLATFORM:

Software version: 6.2.3, 6.2.3.1

ABSTRACT:

A vulnerability was reported in IBM Tivoli Monitoring.

REFERENCE LINKS:

IBM Support Document: 1614003
IBM Support Portal
SecurityTracker Alert ID: 1027692

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user may be able to conduct HTTP TRACE and HTTP TRACK attacks to access sensitive information from the HTTP headers.

IMPACT:

A remote user can obtain potentially sensitive information.

SOLUTION:

The vendor has issued a fix (APAR IV23864).

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here

V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information

PROBLEM:

PLATFORM:

ABSTRACT:

REFERENCE LINKS:

IMPACT ASSESSMENT:

DISCUSSION:

IMPACT:

SOLUTION:

JC3 Contact:

Energy.gov

Energy.gov

Office of the Chief Information Officer

Search form

Office of the Chief Information Officer

All Offices

You are here

V-011: IBM Tivoli Monitoring Web Server HTTP TRACE/TRACK Support Lets Remote Users Obtain Potentially Sensitive Information

Addthis

PROBLEM:

PLATFORM:

ABSTRACT:

REFERENCE LINKS:

IMPACT ASSESSMENT:

DISCUSSION:

IMPACT:

SOLUTION:

Addthis

Related Articles

JC3 Contact:

Energy.gov