http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Oracle GlassFish versions 2.1.1, 3.0.1, and 3.1.2 are affected by the following vulnerabilities :/n/n - The Java Server Faces is prone to multiple directory traversal vulnerabilities/n - The Metro component is affected by a remote security vulnerability which can be exploited via SOAP/n - The Metro component is also affected by a potential DoS condition which can be exploited via SOAP/n

The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components :

  - Java Server Faces
  - Metro

ID	Name	Product	Family	Severity
9000	Oracle GlassFish Server 2.1.1 / 3.0.1 / 3.1.2 Multiple Vulnerabilities (October 2013 CPU)	Nessus Network Monitor	Web Servers	medium
70482	Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU)	Nessus	Web Servers	medium

CVE-2013-5816

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins