Oracle GlassFish Server 3.1.2.x < 184.108.40.206 Java Server Faces Information Disclosure (April 2017 CPU)
Low Nessus Plugin ID 99522
SynopsisThe remote web server is affected by an information disclosure vulnerability.
DescriptionAccording to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 220.127.116.11. It is, therefore, affected by an unspecified flaw in the Java Server Faces subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information.
SolutionUpgrade to Oracle GlassFish Server version 18.104.22.168 or later as referenced in the April 2017 Oracle Critical Patch Update advisory.