Information Disclosure in IBM AIX - CVE-2016-6038
Published: September 27, 2016 / Updated: September 29, 2016
Vulnerability identifier: #VU663
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6038
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM AIX
Detailed vulnerability description
The vulnerability allows a remote user to obtain data on the target system.
The weakness exists due to a directory traversal flaw in the Eclipse Help component shipped by the Tivoli Lightweight Infrastructure (LWI). Submitting a specially crafted URL containing directory traversal sequences allows remote attackers to view arbitrary files on the target system.
Successful exploitation of the vulnerability may result in access to sensitive information on the vulnerable system.
How to mitigate CVE-2016-6038
Cybersecurity Help is currently unaware of any official solution to address this issue.