Summary
The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability.
Impact
Successful exploitation could allow remote attackers to gain sensitive information.
Impact Level: Application
Solution
Apply the patch,
http://www-01.ibm.com/support/docview.wss?uid=swg21591172
*****
NOTE : Ignore this warning, if above patch has been applied.
*****
Insight
The flaw is due to an error in the Plug-in, which uses unencrypted HTTP communication after expiration of the plugin-key.kdb password. Which allows remote attackers to sniff the network, or spoof arbitrary server and further perform a man-in-the-middle (MITM) attacks to obtain sensitive information.
Affected
IBM WebSphere Application Server (WAS) 8.0 and prior
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2012-2162 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- Herberlin Bremsserver Directory Traversal Vulnerability
- bozotic HTTP server Denial of Service Vulnerability
- JBoss Enterprise Application Platform Multiple Vulnerabilities