Summary
This host is running Oracle GlassFish Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Apply the patch from below link,
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
Multiple flaws are due to
- Input passed via multiple parameters to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
- The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests.
Affected
Oracle GlassFish Server version 3.1.1
References
- http://osvdb.org/81236
- http://secunia.com/advisories/48798
- http://securitytracker.com/id/1026941
- http://www.exploit-db.com/exploits/18764
- http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
- http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf
- http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-0550, CVE-2012-0551 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM WebSphere Application Server Administration Console DoS vulnerability
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
- HServer Webserver Multiple Directory Traversal Vulnerabilities