The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.
Successful exploitation could allow remote attackers to gain sensitive information. Impact Level: Application
Apply the patch, http://www-01.ibm.com/support/docview.wss?uid=swg21591172 ***** NOTE : Ignore this warning, if above patch has been applied. *****
The flaw is due to an error in the Plug-in, which uses unencrypted HTTP communication after expiration of the plugin-key.kdb password. Which allows remote attackers to sniff the network, or spoof arbitrary server and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.
IBM WebSphere Application Server (WAS) 8.0 and prior
Updated on 2017-03-28
- Apache Tomcat Request Object Security Bypass Vulnerability (Win)
- bozotic HTTP server Denial of Service Vulnerability
- Acritum Femitter Server URI Directory Traversal Vulnerability
- GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities