VULHUB ™

It is possible for a remote user to traverse the directories of a host running IBM Tivoli SecureWay Policy Director. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user.

It is possible for a remote user to traverse the directories of a host running IBM Tivoli SecureWay Policy Director. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this vulnerability could enable a user to obtain the contents of files readable by the webserver user.