The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.
Successful exploitation could allow remote attackers to gain sensitive information. Impact Level: Application
Apply the patch, http://www-01.ibm.com/support/docview.wss?uid=swg21591172 ***** NOTE : Ignore this warning, if above patch has been applied. *****
The flaw is due to an error in the Plug-in, which uses unencrypted HTTP communication after expiration of the plugin-key.kdb password. Which allows remote attackers to sniff the network, or spoof arbitrary server and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.
IBM WebSphere Application Server (WAS) 8.0 and prior
Updated on 2017-03-28
- Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
- Authentication bypassing in Lotus Domino
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities