Summary
This host is running Oracle GlassFish Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected application.
Impact Level: Application
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
An unspecified error in the application allows remote attackers to bypass certain security restrictions.
Affected
Oracle GlassFish Server versions 3.0.1 and 3.1.1
References
- http://java.net/jira/browse/JAVASERVERFACES-2247
- http://secunia.com/advisories/46959/
- http://secunia.com/advisories/49956/
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html#Oracle%20Sun%20Products%20Suit
- http://www.osvdb.org/77373
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-4358
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- httpdx Space Character Remote File Disclosure Vulnerability
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- JBoss Enterprise Application Platform Multiple Vulnerabilities
- IIS Service Pack - 404