Summary
The host is running GlassFish Server and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Apply the security updates.
http://www.oracle.com/technetwork/topics/security/whatsnew/index.html
Insight
The flaw is due to error in the handling of log viewer, which fails to securely output encode logged values. An unauthenticated attacker can trigger the application to log a malicious string by entering the values into the username field.
Affected
Oracle GlassFish Server version 2.1.1
References
Severity
Classification
-
CVE CVE-2011-2260 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- Ecava IntegraXor Directory Traversal Vulnerability
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability