IBM Director prior to 5.10 allows remote malicious users to obtain sensitive information from HTTP headers via HTTP TRACE.
ibm director