IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.

Impact

Successful exploitation could allow remote attackers to gain sensitive information. Impact Level: Application

Solution

Apply the patch, http://www-01.ibm.com/support/docview.wss?uid=swg21591172 ***** NOTE : Ignore this warning, if above patch has been applied. *****

Insight

The flaw is due to an error in the Plug-in, which uses unencrypted HTTP communication after expiration of the plugin-key.kdb password. Which allows remote attackers to sniff the network, or spoof arbitrary server and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.

Affected

IBM WebSphere Application Server (WAS) 8.0 and prior

References

http://xforce.iss.net/xforce/xfdb/74900

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-2162
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
bozotic HTTP server Denial of Service Vulnerability
Lighttpd Trailing Slash Information Disclosure Vulnerability
Kolibri Webserver 'HEAD' Request Processing Buffer Overflow Vulnerability

Take action and discover your vulnerabilities