Summary
The host is running GlassFish Server and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to affect confidentiality, integrity and availability via unknown vectors.
Impact Level: Application
Solution
Apply the security updates.
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
Multiple unspecified flaws are exists in the application related to Administration and Web Container, which allows attackers to affect confidentiality, integrity and availability via unknown vectors.
Affected
Oracle GlassFish Server version 2.1.1, 3.1.1 and 3.0.1
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3564
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0081
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0104
- http://secunia.com/advisories/47603/
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- http://www.securitytracker.com/id/1026537
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3564, CVE-2012-0081, CVE-2012-0104 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Cross-Site Scripting in Cherokee Error Pages
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
- IBM WebSphere Application Server Multiple Vulnerabilities
- Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability