IBM WebSphere < 220.127.116.11 Authentication Bypass
Low Nessus Network Monitor Plugin ID 3559
Synopsis
The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
Description
The remote WebSphere web server is vulnerable to an information leak. There is a flaw in the way that WebSphere processes filtered requests that end with a '/'. For instance, if the file test.jsp required authentication, an attacker could simply request test.jsp/ and retrieve the page.
Solution
Upgrade to version 18.104.22.168 or higher.
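The check below is an added example, not part of the plugin or of WebSphere: it contrasts an exact-string match on a protected path with one that strips trailing slashes first, then uses the difference to flag unauthenticated 200 responses in access logs. The protected-path set, the NCSA common log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical protected resources (assumption; the page names only test.jsp).
PROTECTED = {"/test.jsp"}

# NCSA common log format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def naive_requires_auth(path):
    """Exact-string match: the kind of check a trailing '/' slips past."""
    return path in PROTECTED


def normalized_requires_auth(path):
    """Drop trailing slashes before matching the protected set."""
    return (path.rstrip("/") or "/") in PROTECTED


def find_trailing_slash_hits(lines):
    """Return (host, target) for unauthenticated 200s on a protected path + '/'."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        host, user, _method, target, status = m.groups()
        path = urlsplit(target).path  # ignore any query string
        if (user == "-" and status == "200"
                and normalized_requires_auth(path)
                and not naive_requires_auth(path)):
            hits.append((host, target))
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - alice [10/Oct/2006:13:55:36 +0000] "GET /test.jsp HTTP/1.1" 200 2326',
    '192.0.2.11 - - [10/Oct/2006:13:56:01 +0000] "GET /test.jsp HTTP/1.1" 401 512',
    '192.0.2.11 - - [10/Oct/2006:13:56:04 +0000] "GET /test.jsp/ HTTP/1.1" 200 2326',
    '192.0.2.12 - - [10/Oct/2006:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for host, target in find_trailing_slash_hits(SAMPLE_LOG):
        print(f"possible auth bypass: {host} requested {target}")
```

A hit on a host that has not yet been upgraded is worth correlating with the preceding 401 from the same client, as in the sample lines.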