Lucene search

K
nessusThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.GLASSFISH_CVE-2012-0081.NASL
HistoryFeb 02, 2012 - 12:00 a.m.

Oracle GlassFish Server 3.1.1 < 3.1.1.2 Administration Component Unspecified Vulnerability

2012-02-0200:00:00
This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

26.5%

The version of GlassFish Server running on the remote host is affected by an unspecified vulnerability related to the Administration component that allows local users to affect confidentiality, integrity, and availability in some way.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57804);
  script_version("1.9");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2012-0081");
  script_bugtraq_id(51485);

  script_name(english:"Oracle GlassFish Server 3.1.1 < 3.1.1.2 Administration Component Unspecified Vulnerability");
  script_summary(english:"Checks the version of Oracle GlassFish.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an unspecified vulnerability that
affects confidentiality, integrity, and availability.");
  script_set_attribute(attribute:"description", value:
"The version of GlassFish Server running on the remote host is affected
by an unspecified vulnerability related to the Administration
component that allows local users to affect confidentiality,
integrity, and availability in some way.");
  script_set_attribute(attribute:"solution", value:"Upgrade to GlassFish Server 3.1.1.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html");
  # https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1390289.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?55ab74fa");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("glassfish_console_detect.nasl");
  script_require_keys("www/glassfish", "www/glassfish/console");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("glassfish.inc");

#
# Main
#

# Check GlassFish & GlassFish Admin Console
get_kb_item_or_exit('www/glassfish');
get_kb_item_or_exit('www/glassfish/console');

var port = get_glassfish_console_port(default:4848);

# Get the version number out of the KB.
ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");

# Check if the installation is vulnerable.
fix = "3.1.1.2";
if (ver =~ "^3\.1\.1" && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + banner +
      '\n  Installed version : ' + pristine +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_note(port:port, extra:report);
  }
  else security_note(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

26.5%