Summary
This host is running Oracle GlassFish Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected application.
Impact Level: Application
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
*****
NOTE: Ignore this warning if the above-mentioned patch has been manually applied.
*****
Insight
An unspecified error in the application allows remote attackers to bypass certain security restrictions.
Affected
Oracle GlassFish Server versions 3.0.1 and 3.1.1
References
- http://java.net/jira/browse/JAVASERVERFACES-2247
- http://secunia.com/advisories/46959/
- http://secunia.com/advisories/49956/
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html#Oracle%20Sun%20Products%20Suit
- http://www.osvdb.org/77373
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-4358
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N