IBM WebSphere Application Server JNDI Information Disclosure Vulnerability

Summary
The host is running IBM WebSphere Application Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation allows remote unauthorized attackers to access or view files or obtain sensitive information.
Impact Level: Application
Solution
For WebSphere Application Server 6.0: Apply the latest Fix Pack (6.0.2.39 or later) or APAR PK91414.
For WebSphere Application Server 6.1: Apply the latest Fix Pack (6.1.0.29 or later) or APAR PK91414.
For WebSphere Application Server 7.1: Apply the latest Fix Pack (7.0.0.7 or later) or APAR PK91414.
For updates refer to http://www.ibm.com/support/docview.wss?uid=swg1PK91414
Insight
The flaw is due to an error in the Naming and Directory Interface (JNDI) implementation, which does not properly restrict access to UserRegistry object methods. This allows remote attackers to obtain sensitive information via a crafted method call.
Affected
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7