Oracle GlassFish Server URL normalization Denial of Service
High Nessus Plugin ID 110612
SynopsisThe remote application is vulnerable to a denial of service attack.
DescriptionThe instance of Oracle GlassFish Server running on the remote host is affected by an authenticated and unauthenticated denial of service vulnerability.
The vulnerability is a result of an infinite loop in the normalize() method in com.sun.jsftemplating.util.fileStreamer.ResourceContentSource.
A remote attacker can exploit this issue, via a specially crafted HTTP request to Admin Console component.
SolutionContact to vendor for patch options.