Summary
The host is running GlassFish Server and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Apply the security updates.
http://www.oracle.com/technetwork/topics/security/whatsnew/index.html
Insight
The flaw is due to error in the handling of log viewer, which fails to securely output encode logged values. An unauthenticated attacker can trigger the application to log a malicious string by entering the values into the username field.
Affected
Oracle GlassFish Server version 2.1.1
References
Severity
Classification
-
CVE CVE-2011-2260 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- CUPS Information Disclosure Vulnerability
- httpdASM Directory Traversal Vulnerability