Oracle GlassFish Server 3.1.1 < 220.127.116.11 Multiple Vulnerabilities (April 2012 CPU)
High Nessus Plugin ID 58846
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionThe version of GlassFish Server running on the remote host is affected by multiple vulnerabilities :
- A cross-site request forgery (CSRF) vulnerability in its REST interface. An authenticated user can be tricked into visiting a web page that leverages this vulnerability to upload an arbitrary WAR file to the GlassFish server, which is then executed with GlassFish's credentials. (CVE-2012-0550)
SolutionUpgrade to GlassFish Server 18.104.22.168 or later.