Websphere Application Server CVE-2012-2162 Information Disclosure Vulnerability

Websphere Application Server CVE-2012-2162 Information Disclosure Vulnerability

Websphere Application Server is prone to a information disclosure vulnerability. The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.