IBM Tivoli Lightweight Infrastructure Eclipse Help Directory Traversal Vulnerability


Description   A directory traversal vulnerability was reported in the Eclipse Help component shipped with Tivoli Lightweight Infrastructure (LWI). An authenticated remote attacker could exploit it by using a specially crafted URL to read arbitrary files on the system with elevated privileges. No further information is available.
     
Vulnerable Products   Vulnerable OS:
AIX (IBM) - 5.3, 6.1, 7.1
     
Solution   * 5.3 and 6.1: stopsrc -s http4websm
     
CVE   CVE-2016-6038
     
References   - IBM : Vulnerability in Tivoli LWI impacts pConsole and WebSM for AIX
http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Available Since
Misc : Directory traversal - parameter starting with ../   3.2.0
Directory traversal using ..\..   3.2.0
Directory traversal   3.2.0
Directory traversal backward root folder   3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-09-22

Target Type   Server

Possible exploit   Remote