CVE-2012-2162 Information

Description

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password which allows remote attackers to obtain sensitive information by sniffing the network or spoof arbitrary servers via a man-in-the-middle attack.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21588312 http://www-01.ibm.com/support/docview.wss?uid=swg21591172 https://exchange.xforce.ibmcloud.com/vulnerabilities/74900