IBM WebSphere Application Server 7.0.0.x <= 126.96.36.199 / 8.0.0.x <= 188.8.131.52 / 8.5.x < 184.108.40.206 / 9.0.0.x < 220.127.116.11 Information Disclosure Vulnerability (CVE-2018-1996)
Low Nessus Plugin ID 124023
Synopsis
The remote web application server is affected by an information disclosure vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 18.104.22.168 through 22.214.171.124, 126.96.36.199 through 188.8.131.52, 8.5.x prior to 184.108.40.206, or 9.0.0.x prior to 220.127.116.11. It is, therefore, affected by a potential information disclosure vulnerability. An improper TLS configuration could cause the IBM WebSphere Application Server to provide weaker-than-expected security. A remote attacker could exploit this to disclose sensitive information using a man-in-the-middle attack.
Solution
Upgrade to IBM WebSphere Application Server 18.104.22.168 or 22.214.171.124 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH05769.