According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.30, 3.0.1.x prior to 3.0.1.15, or 3.1.2.x prior to 3.1.2.16. It is, therefore, affected by multiple vulnerabilities : 

  - An unspecified flaw exists in the Security subcomponent     that allows an unauthenticated, remote attacker to     execute arbitrary code. (CVE-2016-5528)

  - An unspecified flaw exists in the Administration     subcomponent that allows a local attacker attacker to     disclose sensitive information. Note that this     vulnerability does not affect the 2.1.1.x version     branch. (CVE-2017-3239)

  - An unspecified flaw exists in the Core subcomponent that     allows an unauthenticated, remote attacker to perform     unauthorized updates, inserts, or deletion of data over     SMTP. (CVE-2017-3247)

  - An unspecified flaw exists in the Security subcomponent     that allows an unauthenticated, remote attacker to     perform unauthorized updates, inserts, or deletion of     data over LDAP. Additionally, the attacker can     potentially cause a partial denial of service condition.
    (CVE-2017-3249) 

  - An unspecified flaw exists in the Security subcomponent     that allows an unauthenticated, remote attacker to     perform unauthorized updates, inserts, or deletion of     data over HTTP. Additionally, the attacker can     potentially cause a partial denial of service condition.
    (CVE-2017-3250)

Oracle GlassFish Server 2.1.1.x < 2.1.1.30 / 3.0.1.x < 3.0.1.15 / 3.1.2.x < 3.1.2.16 Multiple Vulnerabilities (January 2017 CPU)

high Nessus Plugin ID 96624