IBM WebSphere Application Server 7.0.0.x <= 220.127.116.11 / 8.0.0.x <= 18.104.22.168 / 8.5.x < 22.214.171.124 / 9.0.0.x < 126.96.36.199 Information Disclosure Vulnerability (CVE-2018-1996)
Low Nessus Plugin ID 124023
Synopsis
The remote web application server is affected by an information disclosure vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 188.8.131.52 through 184.108.40.206, 220.127.116.11 through 18.104.22.168, 8.5.x prior to 22.214.171.124, or 9.0.0.x prior to 126.96.36.199. It is, therefore, affected by a potential information disclosure vulnerability. An improper TLS configuration could cause the IBM WebSphere Application Server to provide weaker than expected security. A remote attacker could exploit this to disclose sensitive information using a man-in-the-middle attack.
Solution
Upgrade to IBM WebSphere Application Server 188.8.131.52 or 184.108.40.206 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH05769.