Detections
Analytics
Sun GlassFish Server 3.0 Preview Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 5151
Synopsis
The remote host is vulnerable to multiple attack vectors.Description
The remote host is running the Sun GlassFish Server 3.0 Preview. This versions is potentially affected by multiple issues :- An information disclosure vulnerability affects the 'filename' and 'file' parameters of the 'jsft_resource.jsf' script.
- An information disclosure vulnerability affects the 'file' and 'filename' parameters of the 'scale_static_resource.jsf' script.
Solution
Use the current stable version 2 of Sun GlassFish Enterprise Server.See Also
https://www.sec-consult.com/files/20090901_jsftemplating_filedisclosure.txt
Plugin Details
Severity: Medium
ID: 5151
Family: Web Servers
Published: 9/2/2009
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 9/1/2009
Vulnerability Publication Date: 9/1/2009
Reference Information
BID: 36204