ID CVE-2013-1515
Summary Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface.
References
Vulnerable Configurations
  • Oracle Sun Middleware Products 3.0.1
    cpe:2.3:a:oracle:sun_middleware_products:3.0.1
  • Oracle Sun Middleware Products 3.1.2
    cpe:2.3:a:oracle:sun_middleware_products:3.1.2
CVSS
Base: 4.3 (as of 17-04-2013 - 09:08)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
NASL family Web Servers
NASL id GLASSFISH_CPU_APR_2013.NASL
description The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities:
  • Cross-site scripting (XSS) vulnerabilities exist in its admin and rest interface. These vulnerabilities permit JavaScript to be run in the context of GlassFish, which may result in credentials of authenticated users being stolen. (CVE-2013-1508, CVE-2013-1515)
  • A cross-site request forgery (CSRF) vulnerability exists in its REST interface. An authenticated user may be tricked into visiting a web page that leverages this vulnerability.
  • A JSF source exposure vulnerability exists that affects confidentiality.
last seen 2019-02-21
modified 2018-11-15
plugin id 66804
published 2013-06-05
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=66804
title Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
mandriva MDVSA-2013:150
Last major update 10-10-2013 - 23:50
Published 17-04-2013 - 08:19