This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
The version of GlassFish Server running on the remote host is affected
by multiple vulnerabilities :
- Cross-site scripting (XSS) vulnerabilities exist in its
admin and rest interface. These vulnerabilities permit
may result in credentials of authenticated users being
stolen. (CVE-2013-1508, CVE-2013-1515)
- A cross-site request forgery (CSRF) vulnerability exists
in its REST interface. An authenticated user may be
tricked into visiting a web page that leverages this
- A JSF source exposure vulnerability exists that affects
See also :
Upgrade to GlassFish Server 184.108.40.206 / 220.127.116.11 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 66804 ()
Bugtraq ID: 5914359151
CVE ID: CVE-2013-1508CVE-2013-1515
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.