Oracle GlassFish Server 2.1.1.x < 2.1.1.28 Information Disclosure (July 2016 CPU)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an information disclosure
vulnerability.

Description :

According to its self-reported version number, the Oracle GlassFish
Server running on the remote host is 2.1.1.x prior to 2.1.1.28. It is,
therefore, affected by an unspecified flaw in the Administration
subcomponent that allows an unauthenticated, remote attacker to
disclose sensitive information.

See also :

http://www.nessus.org/u?453b5f8c

Solution :

Upgrade to Oracle GlassFish Server version 2.1.1.28 or later as
referenced in the July 2016 Oracle Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 92464

Bugtraq ID: 92032

CVE ID: CVE-2016-5477
