HTTP: Oracle GlassFish Enterprise Server REST Interface Cross Site Request Forgery
This signature detects Web pages containing dangerous cross site requests. A malicious Web site can exploit a known vulnerability in Oracle GlassFish REST interface and upload arbitrary WAR files which will be executed on the target server.
Extended Description
Oracle GlassFish Enterprise Server is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to execute arbitrary code and upload an arbitrary WAR archive in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. This vulnerability affects the following supported versions: GlassFish Enterprise Server 3.1.1
Affected Products
Oracle glassfish_server
Short Name
HTTP:ORACLE:GLASSFISH-REST
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2012-0550 Cross Enterprise Forgery GlassFish Interface Oracle REST Request Server Site bid:53118
Release Date
05/10/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3561
False Positive
Unknown
Vendors
Oracle
CVSS Score
6.8