Summary
This host is running Oracle GlassFish Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected application.
Impact Level: Application
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
*****
NOTE: Ignore this warning if the above-mentioned patch has been manually applied.
*****
Insight
An unspecified error in the application allows remote attackers to bypass certain security restrictions.
Affected
Oracle GlassFish Server versions 3.0.1 and 3.1.1
References
- http://java.net/jira/browse/JAVASERVERFACES-2247
- http://secunia.com/advisories/46959/
- http://secunia.com/advisories/49956/
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html#Oracle%20Sun%20Products%20Suit
- http://www.osvdb.org/77373
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-4358
- CVSS Base Score: 6.4
  AV:N/AC:L/Au:N/C:P/I:P/A:N