SynopsisThe remote host is running an application server that is vulnerable to multiple attack vectors.
DescriptionThe remote host appears to be running IBM WebSphere Application Server 8.5 prior to 220.127.116.11. Such versions are potentially affected by multiple issues :
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to identify the proxy server software by reading the HTTP 'Via' header. (CVE-2015-1932)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof servlets or disclose sensitive information. (CVE-2015-4938)
SolutionUpgrade WebSphere Application Server to 18.104.22.168 or later.