Vulnerabilities > CVE-2012-0550 - Unspecified vulnerability in Oracle Glassfish Server 3.1.1

CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
oracle
nessus
exploit available

Summary

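Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. Although the vendor summary leaves the vector unspecified, the Exploit-DB and Nessus entries below identify the issue as a cross-site request forgery (CSRF) in the REST interface.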

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

description: Oracle GlassFish Server - REST CSRF. CVE-2012-0550. Webapps exploit for windows platform
id: EDB-ID:18766
last seen: 2016-02-02
modified: 2012-04-22
published: 2012-04-22
reporter: Roberto Suggi Liverani
source: https://www.exploit-db.com/download/18766/
title: Oracle GlassFish Server - REST CSRF

Nessus

NASL family: Web Servers
NASL id: GLASSFISH_CPU_APR_2012.NASL
description: The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities : - A cross-site request forgery (CSRF) vulnerability in its REST interface. An authenticated user can be tricked into visiting a web page that leverages this vulnerability to upload an arbitrary WAR file to the GlassFish server, which is then executed with GlassFish's credentials. (CVE-2012-0550) [...]
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 58846
published: 2012-04-24
reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/58846
title: Oracle GlassFish Server 3.1.1 < 3.1.1.3 Multiple Vulnerabilities (April 2012 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when the engine evaluates the plugin with `description`
# set, the script only declares its metadata (ids, references, risk ratings,
# dependencies) and exits before any of the check logic further down runs.
if (description)
{
  script_id(58846);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  # One version check reports both issues: the REST CSRF (CVE-2012-0550) and
  # the administrative-interface XSS (CVE-2012-0551).
  script_cve_id("CVE-2012-0550", "CVE-2012-0551");
  script_bugtraq_id(53118, 53136);
  script_xref(name:"EDB-ID", value:"18764");
  script_xref(name:"EDB-ID", value:"18766");

  script_name(english:"Oracle GlassFish Server 3.1.1 < 3.1.1.3 Multiple Vulnerabilities (April 2012 CPU)");
  script_summary(english:"Checks the version of Oracle GlassFish.");

  script_set_attribute(attribute:"synopsis", value:"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of GlassFish Server running on the remote host is affected
by multiple vulnerabilities :

  - A cross-site request forgery (CSRF) vulnerability in its
    REST interface. An authenticated user can be tricked
    into visiting a web page that leverages this
    vulnerability to upload an arbitrary WAR file to the
    GlassFish server, which is then executed with
    GlassFish's
    credentials. (CVE-2012-0550)

  - A cross-site scripting (XSS) vulnerability in its
    administrative interface. This vulnerability permits
    JavaScript to be run in the context of the GlassFish
    administrative interface, which may result in the
    credentials of an authenticated user being stolen for
    use in subsequent attacks. (CVE-2012-0551)");
  script_set_attribute(attribute:"solution", value:"Upgrade to GlassFish Server 3.1.1.3 or later.");
  # NOTE(review): this base vector rates C/I/A as Complete, whereas the CVE
  # record shown alongside this plugin lists Partial impacts (CVSS 6.8).
  # Decide which rating drives prioritisation; the WAR-upload outcome in the
  # description above is the apparent basis for the higher rating.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # Temporal vector: proof-of-concept exploit code, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # NOTE(review): very broad CWE list. CWE-79 (XSS) is present, but CWE-352
  # (CSRF) is not, although the description names a CSRF - do not rely on this
  # list alone when filtering findings by weakness class.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fe94efd1");
  # http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a359287a");
  # http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9faaa64a");

  # NOTE(review): the patch date below (2012/01/23) is earlier than the
  # vulnerability publication date (2012/04/17) - confirm against the vendor
  # advisory before using these dates for exposure-window metrics.
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
  script_end_attributes();

  # Information-gathering category: the check below only reads values already
  # stored in the knowledge base and compares version strings.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  # Scheduled after the GlassFish detection plugin and gated on the KB key
  # that plugin is expected to set (same key the main section reads first).
  script_dependencies("glassfish_detect.nasl");
  script_require_keys("www/glassfish");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("glassfish.inc");

#
# Main
#

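# Version-based check for CVE-2012-0550 / CVE-2012-0551.
#
# The verdict is derived only from the version string that the detection
# plugin stored in the knowledge base; nothing is sent to the target here.
# A host whose banner hides or misreports its version, or that carries a
# fix not reflected in the version string, can therefore be mis-classified.

# Stop unless GlassFish was detected on this host.
get_kb_item_or_exit('www/glassfish');

# By default, GlassFish listens on port 8080.
port = get_glassfish_port(default:8080);

# Pull the detected version details out of the KB:
#   ver      - version string used for the comparison
#   banner   - where the version was read from (reported as "Version source")
#   pristine - version string as shown in the report and audit message
ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");

# Only the 3.1.1 branch is in scope; any other branch has no fixed version
# here and falls through to the "not vulnerable" audit below.
if (ver =~ "^3\.1\.1")
  fix = "3.1.1.3";
else
  fix = NULL;

if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
  # Record the CSRF and XSS flags for this port unconditionally. They were
  # previously written only when report_verbosity > 0, so a scan run at the
  # lowest verbosity reported the finding but left the KB without the flags.
  set_kb_item(name:"www/"+port+"/XSRF", value:TRUE);
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + banner +
      '\n  Installed version : ' + pristine +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);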