Summary
The host is running GlassFish Server and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to affect confidentiality, integrity and availability via unknown vectors.
Impact Level: Application
Solution
Apply the security updates.
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
Multiple unspecified flaws are exists in the application related to Administration and Web Container, which allows attackers to affect confidentiality, integrity and availability via unknown vectors.
Affected
Oracle GlassFish Server version 2.1.1, 3.1.1 and 3.0.1
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3564
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0081
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0104
- http://secunia.com/advisories/47603/
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- http://www.securitytracker.com/id/1026537
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3564, CVE-2012-0081, CVE-2012-0104 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- httpdx Space Character Remote File Disclosure Vulnerability
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
- IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability