| Short Name | HTTP:ORACLE:GLASSFISH-REST |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Oracle GlassFish Enterprise Server REST Interface Cross Site Request Forgery |
| Release Date | 2012/05/10 |
| Update Number | 2133 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects Web pages containing dangerous cross-site requests. A malicious Web site can exploit a known vulnerability in the Oracle GlassFish REST interface to upload arbitrary WAR files, which will be executed on the target server.

Oracle GlassFish Enterprise Server is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to execute arbitrary code and upload an arbitrary WAR archive in the context of an authorized user's session, and to gain unauthorized access to the affected application; other attacks are also possible. This vulnerability affects the following supported versions: GlassFish Enterprise Server 3.1.1.