Oracle GlassFish Server 3.1.2.x < 3.1.2.17 Java Server Faces Information Disclosure (April 2017 CPU)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an information disclosure
vulnerability.

Description :

According to its self-reported version, the Oracle GlassFish Server
running on the remote host is 3.1.2.x prior to 3.1.2.17. It is,
therefore, affected by an unspecified flaw in the Java Server Faces
subcomponent that allows an unauthenticated, remote attacker to
disclose potentially sensitive information.

See also :

http://www.nessus.org/u?623d2c22
http://www.nessus.org/u?08e1362c

Solution :

Upgrade to Oracle GlassFish Server version 3.1.2.17 or later as
referenced in the April 2017 Oracle Critical Patch Update advisory.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 99522

Bugtraq ID: 97896

CVE ID: CVE-2017-3626
