Oracle GlassFish Server Request Handling Remote File Disclosure

medium Nessus Plugin ID 91715

Synopsis

The remote web application server is affected by a remote file disclosure vulnerability.

Description

The instance of Oracle GlassFish Server running on the remote host is affected by a remote file disclosure vulnerability. An unauthenticated, remote attacker can exploit this issue, via a specially crafted request, to access arbitrary files on the remote host.

Note that additional vulnerabilities reportedly exist; however, Nessus has not tested for these.

Solution

Contact to vendor for patch options.

See Also

http://www.nessus.org/u?3fa64acd

Plugin Details

Severity: Medium

ID: 91715

File Name: glassfish_remote_file_disclosure.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 6/20/2016

Updated: 6/14/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:oracle:glassfish_server

Required KB Items: www/glassfish, www/glassfish/console

Exploited by Nessus: true

Vulnerability Publication Date: 6/8/2016