Oracle GlassFish Server 3.1.1 < 3.1.1.3 Multiple Vulnerabilities (April 2012 CPU)

high Nessus Plugin ID 58846

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.1

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities :

 - A cross-site request forgery (CSRF) vulnerability in its REST interface. An authenticated user can be tricked into visiting a web page that leverages this vulnerability to upload an arbitrary WAR file to the GlassFish server, which is then executed with GlassFish's credentials. (CVE-2012-0550)

 - A cross-site scripting (XSS) vulnerability in its administrative interface. This vulnerability permits JavaScript to be run in the context of the GlassFish administrative interface, which may result in the credentials of an authenticated user being stolen for use in subsequent attacks. (CVE-2012-0551)

Solution

Upgrade to GlassFish Server 3.1.1.3 or later.

See Also

https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

http://www.nessus.org/u?fe94efd1

http://www.nessus.org/u?a359287a

http://www.nessus.org/u?9faaa64a

Plugin Details

Severity: High

ID: 58846

File Name: glassfish_cpu_apr_2012.nasl

Version: 1.13

Type: remote

Family: Web Servers

Published: 4/24/2012

Updated: 11/15/2018

Dependencies: glassfish_detect.nasl

Risk Information

Risk Factor: High

VPR Score: 6.1

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:glassfish_server

Required KB Items: www/glassfish

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/23/2012

Vulnerability Publication Date: 4/17/2012

Reference Information

CVE: CVE-2012-0550, CVE-2012-0551

BID: 53118, 53136

EDB-ID: 18764, 18766

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990