Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone AGOPENVAS:1361412562310802624
HistoryMay 07, 2012 - 12:00 a.m.

Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities

2012-05-0700:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
48

6.1 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.885 High

EPSS

Percentile

98.7%

JSON

Oracle GlassFish Server is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:oracle:glassfish_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802624");
  script_version("2024-03-04T14:37:58+0000");
  script_cve_id("CVE-2012-0550", "CVE-2012-0551");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-03-04 14:37:58 +0000 (Mon, 04 Mar 2024)");
  script_tag(name:"creation_date", value:"2012-05-07 16:16:16 +0530 (Mon, 07 May 2012)");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities");

  script_xref(name:"URL", value:"http://secunia.com/advisories/48798");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/53118");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/53136");
  script_xref(name:"URL", value:"http://securitytracker.com/id/1026941");
  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/18764");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html");
  script_xref(name:"URL", value:"http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf");
  script_xref(name:"URL", value:"http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf");

  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("Web Servers");
  script_dependencies("GlassFish_detect.nasl");
  script_mandatory_keys("GlassFish/installed");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to insert arbitrary HTML
and script code, which will be executed in a user's browser session in the context of an affected site.");

  script_tag(name:"affected", value:"Oracle GlassFish Server version 3.1.1");

  script_tag(name:"insight", value:"Multiple flaws are due to

  - Input passed via multiple parameters to various scripts is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an
affected site.

  - The application allows users to perform certain actions via HTTP requests without performing proper validity
checks to verify the requests.");

  script_tag(name:"summary", value:"Oracle GlassFish Server is prone to multiple vulnerabilities.");

  script_tag(name:"solution", value:"Apply the patch from the referenced advisory.");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!version = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version_is_equal(version: version, test_version: "3.1.1")) {
  report = report_fixed_ver(installed_version:version, vulnerable_range:"Equal to 3.1.1");
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

openvas 3
nessus 15
cve 2
cvelist 2
debiancve 2
prion 2
veracode 11
nvd 2
checkpoint_advisories 3
suse 2
redhat 6
ibm 3
securityvulns 2
oracle 1
openvas
openvas
Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities
2012-05-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1265-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1231-1)
2021-06-09 00:00:00
nessus
nessus
Oracle GlassFish Server 3.1.1 < 3.1.1.3 Multiple Vulnerabilities (April 2012 CPU)
2012-04-24 00:00:00
SuSE 11.2 Security Update : IBM Java (SAT Patch Number 6793)
2013-01-25 00:00:00
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:1238)
2012-09-07 00:00:00
cve
cve
CVE-2012-0550
2012-05-03 18:55:01
CVE-2012-0551
2012-05-03 18:55:01
cvelist
cvelist
CVE-2012-0550
2012-05-03 18:17:00
CVE-2012-0551
2012-05-03 18:17:00
debiancve
debiancve
CVE-2012-0550
2012-05-03 18:55:00
CVE-2012-0551
2012-05-03 18:55:00
prion
prion
Design/Logic Flaw
2012-05-03 18:55:00
Design/Logic Flaw
2012-05-03 18:55:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2017-03-27 06:34:21
Cross-site Scripting
2019-01-15 08:56:55
Cross-site Scripting
2017-03-24 08:19:33
nvd
nvd
CVE-2012-0551
2012-05-03 18:55:01
CVE-2012-0550
2012-05-03 18:55:01
checkpoint_advisories
checkpoint_advisories
Oracle GlassFish Enterprise Server REST Interface Cross Site Request Forgery (CVE-2012-0550)
2012-10-14 00:00:00
Oracle GlassFish Enterprise Server Multiple Reflected XSS Vulnerabilities (CVE-2012-0551)
2012-08-21 00:00:00
Oracle GlassFish Enterprise Server Multiple Stored XSS Vulnerabilities (CVE-2012-0551)
2012-09-04 00:00:00
suse
suse
Security update for IBM Java (important)
2012-09-28 15:08:47
Security update for IBM Java (important)
2012-09-25 00:09:19
redhat
redhat
(RHSA-2012:1238) Critical: java-1.6.0-ibm security update
2012-09-06 00:00:00
(RHSA-2012:0734) Critical: java-1.6.0-sun security update
2012-06-13 00:00:00
(RHSA-2012:1289) Critical: java-1.7.0-ibm security update
2012-09-18 00:00:00
ibm
ibm
Potential security vulnerabilities with JavaTM SDKs
2018-06-17 14:07:58
Security bulletin: Potential security vulnerabilities in IBM DataQuant with JRE 6
2022-09-25 23:13:40
Security Bulletin: Multiple Vulnerabilities in Rational Synergy
2020-12-22 17:41:28
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
2012-12-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2012
2012-07-19 00:00:00

6.1 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.885 High

EPSS

Percentile

98.7%

JSON
Related for OPENVAS:1361412562310802624
openvas3nessus15cve2cvelist2debiancve2prion2veracode11nvd2checkpoint_advisories3suse2redhat6ibm3securityvulns2oracle1