CVE-2006-0513
First published: Mon Feb 06 2006(Updated: )
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Access Manager for e-business | =6.0.0 | |
| IBM Tivoli Access Manager for e-business | =5.1.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vsecurity.com/bulletins/advisories/2006/tam-file-retrieval.txt
- http://www-1.ibm.com/support/docview.wss?uid=swg24011562
- http://securitytracker.com/id?1015582
- http://secunia.com/advisories/18725
- http://www.securityfocus.com/bid/16494
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041930.html
- http://securityreason.com/securityalert/412
- http://www.vupen.com/english/advisories/2006/0442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24485
- http://www.securityfocus.com/archive/1/423946/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0513?
CVE-2006-0513 is classified as a high severity vulnerability due to its potential to allow unauthorized file access.
Who is affected by CVE-2006-0513?
CVE-2006-0513 affects users of IBM Tivoli Access Manager for e-business versions 5.1.0.10 and 6.0.0.
How do I fix CVE-2006-0513?
To fix CVE-2006-0513, upgrade to a patched version of IBM Tivoli Access Manager that addresses the vulnerability.
What is the exploit vector for CVE-2006-0513?
The exploit vector for CVE-2006-0513 involves using a directory traversal attack to access arbitrary files through the filename parameter.
What can attackers do with CVE-2006-0513?
Attackers exploiting CVE-2006-0513 can read sensitive files on the server, potentially compromising security.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm tivoli access manager for e-business
- version/ibm tivoli access manager for e-business/5.1.0.10
- version/ibm tivoli access manager for e-business/6.0.0