This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
The version of GlassFish Server running on the remote host is affected
by multiple vulnerabilities :
- Cross-site scripting (XSS) vulnerabilities exist in its
admin and rest interface. These vulnerabilities permit
may result in credentials of authenticated users being
stolen. (CVE-2013-1508, CVE-2013-1515)
- A cross-site request forgery (CSRF) vulnerability exists
in its REST interface. An authenticated user may be
tricked into visiting a web page that leverages this
- A JSF source exposure vulnerability exists that affects
See also :
Upgrade to GlassFish Server 18.104.22.168 / 22.214.171.124 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false