Oracle GlassFish Server Expression Evaluation Security Bypass Vulnerability Network Vulnerability

Summary

This host is running Oracle GlassFish Server and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected application. Impact Level: Application

Solution

Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

An unspecified error in the application, allows remote attackers to bypass certain security restrictions.

Affected

Oracle GlassFish Server version 3.0.1 and 3.1.1

References

http://java.net/jira/browse/JAVASERVERFACES-2247
http://secunia.com/advisories/46959/
http://secunia.com/advisories/49956/
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html#Oracle%20Sun%20Products%20Suit
http://www.osvdb.org/77373

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4358
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

httpdx Space Character Remote File Disclosure Vulnerability
IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
JBoss Enterprise Application Platform Multiple Vulnerabilities
IIS Service Pack - 404

Take action and discover your vulnerabilities