$Snoop Servlet information disclosure

Description

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

Remediation

Restrict access to the Snoop servlet URL or install the latest version of IBM WebSphere Application Server.

References