The host is running IBM WebSphere Application Server and is prone to an information disclosure vulnerability.
Successful exploitation allows remote attackers to obtain plaintext data from a JAX-RPC or JAX-WS Web Service.
Impact Level: Application
For WebSphere Application Server 6.1: Apply the latest Fix Pack (18.104.22.168 or later) or APAR PM34841.
For WebSphere Application Server 7.0: Apply the latest Fix Pack (22.214.171.124 or later) or APAR PM34841.
http://www-01.ibm.com/support/docview.wss?uid=swg21474220
NOTE: Ignore this warning if the above-mentioned patch is already applied.
The flaw is caused by a weak encryption algorithm being used by WS-Security to encrypt data exchanged via a Web Service (JAX-WS or JAX-RPC), which could allow attackers to decrypt the encrypted data contained in web requests.
IBM WebSphere Application Server versions 6.1 before 126.96.36.199 and 7.0 before 188.8.131.52
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities
- Apache Tomcat Hash Collision Denial Of Service Vulnerability
- GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011