Lucene search

HistoryJun 05, 2013 - 12:00 a.m.

Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)

2013-06-0500:00:00

www.tenable.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.0%

JSON

The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities :

Cross-site scripting (XSS) vulnerabilities exist in its admin and rest interface. These vulnerabilities permit JavaScript to be run in the context of GlassFish, which may result in credentials of authenticated users being stolen. (CVE-2013-1508, CVE-2013-1515)
A cross-site request forgery (CSRF) vulnerability exists in its REST interface. An authenticated user may be tricked into visiting a web page that leverages this vulnerability.
A JSF source exposure vulnerability exists that affects confidentiality.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(66804);
  script_version("1.10");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2013-1508", "CVE-2013-1515");
  script_bugtraq_id(59143, 59151);

  script_name(english:"Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)");
  script_summary(english:"Checks the version of Oracle GlassFish.");

  script_set_attribute(attribute:"synopsis", value:"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of GlassFish Server running on the remote host is affected
by multiple vulnerabilities :

  - Cross-site scripting (XSS) vulnerabilities exist in its
    admin and rest interface. These vulnerabilities permit
    JavaScript to be run in the context of GlassFish, which
    may result in credentials of authenticated users being
    stolen. (CVE-2013-1508, CVE-2013-1515)

  - A cross-site request forgery (CSRF) vulnerability exists
    in its REST interface. An authenticated user may be
    tricked into visiting a web page that leverages this
    vulnerability.

  - A JSF source exposure vulnerability exists that affects
    confidentiality.");
  script_set_attribute(attribute:"solution", value:"Upgrade to GlassFish Server 3.0.1.7 / 3.1.2.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
  # https://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c0f55176");
  # https://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_v3_1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ddb666a");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("glassfish_console_detect.nasl");
  script_require_keys("www/glassfish", "www/glassfish/console");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("glassfish.inc");

#
# Main
#

# Check GlassFish & GlassFish Admin Console
get_kb_item_or_exit('www/glassfish');
get_kb_item_or_exit('www/glassfish/console');

port = get_glassfish_console_port(default:4848);

# Get the version number out of the KB.
ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");

# Check if the installation is vulnerable.
if (ver =~ "^3\.0\.1")
  fix = "3.0.1.7";
else if (ver =~ "^3\.1\.2")
  fix = "3.1.2.5";
else
  fix = NULL;

if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
  set_kb_item(name:"www/"+port+"/XSRF", value:TRUE);
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + banner +
      '\n  Installed version : ' + pristine +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);

VendorProductVersionCPE
oracleglassfish_servercpe:/a:oracle:glassfish_server

Vendor	Product	Version	CPE
oracle	glassfish_server		cpe:/a:oracle:glassfish_server

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1508

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1515

www.nessus.org/u?5ddb666a

www.nessus.org/u?c0f55176

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for GLASSFISH_CPU_APR_2013.NASL