Summary
The host is running GlassFish Server and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to affect confidentiality, integrity and availability via unknown vectors.
Impact Level: Application
Solution
Apply the security updates.
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
Multiple unspecified flaws are exists in the application related to Administration and Web Container, which allows attackers to affect confidentiality, integrity and availability via unknown vectors.
Affected
Oracle GlassFish Server version 2.1.1, 3.1.1 and 3.0.1
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3564
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0081
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0104
- http://secunia.com/advisories/47603/
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- http://www.securitytracker.com/id/1026537
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3564, CVE-2012-0081, CVE-2012-0104 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- Check for bdir.htr files