The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.

Successful exploitation will let remote attackers to obtain plaintext data from a JAX-RPC or JAX-WS Web Services. Impact Level: Application

For WebSphere Application Server 6.1: Apply the latest Fix Pack (6.1.0.39 or later) or APAR PM34841. For WebSphere Application Server 7.0: Apply the latest Fix Pack (7.0.0.17 or later) or APAR PM34841. http://www-01.ibm.com/support/docview.wss?uid=swg21474220 ***** NOTE : Ignore this warning, if above mentioned patch is already applied. *****

The flaw is caused by a weak encryption algorithm being used by WS-Security to encrypt data exchanged via a Web Service (JAX-WS or JAX-RPC), which could allow attackers to decrypt the encrypted data contained in web requests.

IBM WebSphere Application Server versions 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17

• http://www-01.ibm.com/support/docview.wss?uid=swg24029632
• http://www.vupen.com/english/advisories/2011/1084
• http://xforce.iss.net/xforce/xfdb/67115

---

Updated on 2015-03-25