Oracle GlassFish Server 3.0.1 < 126.96.36.199 / 3.1.2 < 188.8.131.52 Multiple Vulnerabilities (April 2013 CPU)
Medium Nessus Plugin ID 66804
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionThe version of GlassFish Server running on the remote host is affected by multiple vulnerabilities :
- A cross-site request forgery (CSRF) vulnerability exists in its REST interface. An authenticated user may be tricked into visiting a web page that leverages this vulnerability.
- A JSF source exposure vulnerability exists that affects confidentiality.
SolutionUpgrade to GlassFish Server 184.108.40.206 / 220.127.116.11 or later.