Oracle GlassFish Server 3.1.2.x < Java Server Faces Information Disclosure (April 2017 CPU)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by an information disclosure

Description :

According to its self-reported version, the Oracle GlassFish Server
running on the remote host is 3.1.2.x prior to It is,
therefore, affected by an unspecified flaw in the Java Server Faces
subcomponent that allows an unauthenticated, remote attacker to
disclose potentially sensitive information.

See also :

Solution :

Upgrade to Oracle GlassFish Server version or later as
referenced in the April 2017 Oracle Critical Patch Update advisory.

Risk factor :

Low / CVSS Base Score : 2.6
CVSS Temporal Score : 1.9
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 99522 ()

Bugtraq ID: 97896

CVE ID: CVE-2017-3626

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now