The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.

Successful exploitation will let remote unauthorized attackers to access or view files or obtain sensitive information. Impact Level: Application

For WebSphere Application Server 6.0: Apply the latest Fix Pack (6.0.2.39 or later) or APAR PK91414 For WebSphere Application Server 6.1: Apply the latest Fix Pack (6.1.0.29 or later) or APAR PK91414 For WebSphere Application Server 7.1: Apply the latest Fix Pack (7.0.0.7 or later) or APAR PK91414 For updates refer to http://www.ibm.com/support/docview.wss?uid=swg1PK91414

The flaw is due to error in the Naming and Directory Interface (JNDI) implementation. It does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7

• http://www.ibm.com/support/docview.wss?uid=swg1PK91414
• http://www.ibm.com/support/docview.wss?uid=swg1PK99480
• http://xforce.iss.net/xforce/xfdb/54228

---

Updated on 2015-03-25