- Home
- CVEs with nessus.description==The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities :
- A cross-site request forgery (CSRF) vulnerability in its REST interface. An authenticated user can be tricked into visiting a web page that leverages this vulnerability to upload an arbitrary WAR file to the GlassFish server, which is then executed with GlassFish's credentials. (CVE-2012-0550)
- A cross-site scripting (XSS) vulnerability in its administrative interface. This vulnerability permits JavaScript to be run in the context of the GlassFish administrative interface, which may result in the credentials of an authenticated user being stolen for use in subsequent attacks. (CVE-2012-0551)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top