The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.
Successful exploitation could allow remote attackers to gain sensitive information. Impact Level: Application
Apply the patch, http://www-01.ibm.com/support/docview.wss?uid=swg21591172 ***** NOTE : Ignore this warning, if above patch has been applied. *****
The flaw is due to an error in the Plug-in, which uses unencrypted HTTP communication after expiration of the plugin-key.kdb password. Which allows remote attackers to sniff the network, or spoof arbitrary server and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.
IBM WebSphere Application Server (WAS) 8.0 and prior
Updated on 2017-03-28
- HServer Webserver Multiple Directory Traversal Vulnerabilities
- GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
- Apache Tomcat Hash Collision Denial Of Service Vulnerability
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability