IBM WebSphere Application Server (WAS) is prone to an information- disclosure vulnerability. A local authenticated attacker can exploit this issue to gain access to sensitive information this may aid in further attacks. Versions prior to WAS 126.96.36.199 and 188.8.131.52 are vulnerable.
Updates are available. Please see the references for details.
- Nikto (NASL wrapper)
- Joostina 'index.php' Cross Site Scripting Vulnerability
- Bugzilla 'localconfig' Information Disclosure Vulnerability
- LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting Vulnerability
- IBM WebSphere Application Server SIP Logging Information Disclosure Vulnerability