This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote web server is affected by a remote code execution
According to its self-reported version number, the Oracle GlassFish
Server running on the remote host is 2.1.1.x prior to 188.8.131.52,
3.0.1.x prior to 184.108.40.206, or 3.1.2.x prior to 220.127.116.11. It is,
therefore, affected by a remote code execution vulnerability in the
Java Server Faces component subcomponent. An authenticated, remote
attacker can exploit this to execute arbitrary code.
See also :
Upgrade to Oracle GlassFish Server version 18.104.22.168 / 22.214.171.124 / or
126.96.36.199 as referenced in the October 2016 Oracle Critical Patch
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 6.7
Public Exploit Available : false