Oracle GlassFish Server 3.0.1 < / 3.1.2 < Multiple Vulnerabilities (April 2013 CPU)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

The version of GlassFish Server running on the remote host is affected
by multiple vulnerabilities :

- Cross-site scripting (XSS) vulnerabilities exist in its
admin and rest interface. These vulnerabilities permit
JavaScript to be run in the context of GlassFish, which
may result in credentials of authenticated users being
stolen. (CVE-2013-1508, CVE-2013-1515)

- A cross-site request forgery (CSRF) vulnerability exists
in its REST interface. An authenticated user may be
tricked into visiting a web page that leverages this

- A JSF source exposure vulnerability exists that affects

See also :

Solution :

Upgrade to GlassFish Server / or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 66804 ()

Bugtraq ID: 59143

CVE ID: CVE-2013-1508