IBM WebSphere Application Server 7.0.0.x <= 18.104.22.168 / 8.0.0.x <= 22.214.171.124 / 8.5.x < 126.96.36.199 / 9.0.0.x < 188.8.131.52 Information Disclosure Vulnerability (CVE-2018-1996)
Low Nessus Plugin ID 124023
Synopsis
The remote web application server is affected by an information disclosure vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 184.108.40.206 through 220.127.116.11, 18.104.22.168 through 22.214.171.124, 8.5.x prior to 126.96.36.199, or 9.0.0.x prior to 188.8.131.52. It is, therefore, affected by a potential information disclosure vulnerability. An improper TLS configuration could cause the IBM WebSphere Application Server to provide weaker than expected security. A remote attacker could exploit this to disclose sensitive information using a man-in-the-middle attack.
Solution
Upgrade to IBM WebSphere Application Server 184.108.40.206 or 220.127.116.11 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH05769.