Summary
The host is running IBM WebSphere Application Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation could allow remote attackers to gain sensitive information.
Impact Level: Application
Solution
Apply the patch:
http://www-01.ibm.com/support/docview.wss?uid=swg21591172
*****
NOTE: Ignore this warning if the above patch has been applied.
*****
Insight
The flaw is due to an error in the Plug-in, which uses unencrypted HTTP communication after the plugin-key.kdb password expires. This allows remote attackers to sniff the network or spoof an arbitrary server, and then perform man-in-the-middle (MITM) attacks to obtain sensitive information.
Affected
IBM WebSphere Application Server (WAS) 8.0 and prior
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2012-2162
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM WebSphere Application Server Hash Collisions DOS Vulnerability
- IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
- JBoss Enterprise Application Platform Multiple Vulnerabilities
- Acritum Femitter Server URI Directory Traversal Vulnerability