The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.
Successful exploitation will let remote unauthorized attackers to access or view files or obtain sensitive information. Impact Level: Application
For WebSphere Application Server 6.0: Apply the latest Fix Pack (18.104.22.168 or later) or APAR PK91414 For WebSphere Application Server 6.1: Apply the latest Fix Pack (22.214.171.124 or later) or APAR PK91414 For WebSphere Application Server 7.1: Apply the latest Fix Pack (126.96.36.199 or later) or APAR PK91414 For updates refer to http://www.ibm.com/support/docview.wss?uid=swg1PK91414
The flaw is due to error in the Naming and Directory Interface (JNDI) implementation. It does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
IBM WebSphere Application Server (WAS) 6.0 before 188.8.131.52, 6.1 before 184.108.40.206, and 7.0 before 220.127.116.11