The host is running Apache Derby and is prone to an information disclosure vulnerability.
Successful exploitation will allow remote attackers to crack passwords by generating hash collisions. Impact Level: Application
Upgrade to Apache Derby version 10.6.1.0 or later. For updates, refer to http://db.apache.org/derby/derby_downloads.html
The flaw is due to a weakness in the password hash generation algorithm that Derby uses to store passwords in the database. The algorithm performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space and makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions.
Apache Derby versions before 10.6.1.0