The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.
Successful exploitation will let remote unauthorized attackers to access or view files or obtain sensitive information. Impact Level: Application
For WebSphere Application Server 6.0: Apply the latest Fix Pack (188.8.131.52 or later) or APAR PK91414 For WebSphere Application Server 6.1: Apply the latest Fix Pack (184.108.40.206 or later) or APAR PK91414 For WebSphere Application Server 7.1: Apply the latest Fix Pack (220.127.116.11 or later) or APAR PK91414 For updates refer to http://www.ibm.com/support/docview.wss?uid=swg1PK91414
The flaw is due to error in the Naming and Directory Interface (JNDI) implementation. It does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
IBM WebSphere Application Server (WAS) 6.0 before 18.104.22.168, 6.1 before 22.214.171.124, and 7.0 before 126.96.36.199