Signature Detail

Short Name: HTTP:ORACLE:GLASSFISH-MUL-XSS
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Oracle GlassFish Enterprise Server Multiple Stored Cross Site Scripting
Release Date: 2012/05/16
Update Number: 2136
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle GlassFish Enterprise Server Multiple Stored Cross Site Scripting


This signature detects attempts to exploit multiple known cross-site scripting vulnerabilities in Oracle GlassFish. A successful attack can result in the compromise of Web browser cookies associated with the site, and modification of user information.

Extended Description

Oracle GlassFish Server is prone to multiple cross-site scripting and HTML-injection vulnerabilities that affect the administrative web interface. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. This vulnerability affects the following supported versions: GlassFish Enterprise Server 3.1.1.

Affected Products

  • Apple Mac OS X 10.6.8
  • Apple Mac OS X 10.7.4
  • Apple Mac OS X Server 10.6.8
  • Apple Mac OS X Server 10.7.4
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • Oracle GlassFish Enterprise Server 3.1.1
  • Red Hat Enterprise Linux Desktop Supplementary 5 Client
  • Red Hat Enterprise Linux Desktop Supplementary 6
  • Red Hat Enterprise Linux HPC Node Supplementary 6
  • Red Hat Enterprise Linux Server Supplementary 6
  • Red Hat Enterprise Linux Supplementary 5 Server
  • Red Hat Enterprise Linux Workstation Supplementary 6
  • Sun JDK (Linux Production Release) 1.6.0
  • Sun JDK (Linux Production Release) 1.6.0 01
  • Sun JDK (Linux Production Release) 1.6.0 01-B06
  • Sun JDK (Linux Production Release) 1.6.0 02
  • Sun JDK (Linux Production Release) 1.6.0 03
  • Sun JDK (Linux Production Release) 1.6.0 04
  • Sun JDK (Linux Production Release) 1.6.0 05
  • Sun JDK (Linux Production Release) 1.6.0 06
  • Sun JDK (Linux Production Release) 1.6.0 07
  • Sun JDK (Linux Production Release) 1.6.0 10
  • Sun JDK (Linux Production Release) 1.6.0 11
  • Sun JDK (Linux Production Release) 1.6.0 13
  • Sun JDK (Linux Production Release) 1.6.0 14
  • Sun JDK (Linux Production Release) 1.6.0 15
  • Sun JDK (Linux Production Release) 1.6.0 17
  • Sun JDK (Linux Production Release) 1.6.0 18
  • Sun JDK (Linux Production Release) 1.6.0 19
  • Sun JDK (Linux Production Release) 1.6.0 20
  • Sun JDK (Linux Production Release) 1.6.0_21
  • Sun JDK (Linux Production Release) 1.6.0_22
  • Sun JDK (Linux Production Release) 1.6.0_23
  • Sun JDK (Linux Production Release) 1.6.0_24
  • Sun JDK (Linux Production Release) 1.6.0_25
  • Sun JDK (Linux Production Release) 1.6.0_26
  • Sun JDK (Linux Production Release) 1.6.0_27
  • Sun JDK (Linux Production Release) 1.6.0_28
  • Sun JDK (Linux Production Release) 1.6.0_30
  • Sun JDK (Linux Production Release) 1.6.0_32
  • Sun JDK (Linux Production Release) 1.6.0 Update 10
  • Sun JDK (Linux Production Release) 1.6.0 Update 11
  • Sun JDK (Linux Production Release) 1.6.0 Update 12
  • Sun JDK (Linux Production Release) 1.6.0 Update 13
  • Sun JDK (Linux Production Release) 1.6.0 Update 14
  • Sun JDK (Linux Production Release) 1.6.0 Update 15
  • Sun JDK (Linux Production Release) 1.6.0 Update 16
  • Sun JDK (Linux Production Release) 1.6.0 Update 17
  • Sun JDK (Linux Production Release) 1.6.0 Update 18
  • Sun JDK (Linux Production Release) 1.6.0 Update 19
  • Sun JDK (Linux Production Release) 1.6.0 Update 20
  • Sun JDK (Linux Production Release) 1.6.0 Update 21
  • Sun JDK (Linux Production Release) 1.6.0 Update 3
  • Sun JDK (Linux Production Release) 1.6.0 Update 4
  • Sun JDK (Linux Production Release) 1.6.0 Update 5
  • Sun JDK (Linux Production Release) 1.6.0 Update 6
  • Sun JDK (Linux Production Release) 1.6.0 Update 7
  • Sun JDK (Linux Production Release) 1.7.0
  • Sun JDK (Linux Production Release) 1.7.0_2
  • Sun JDK (Linux Production Release) 1.7.0_4
  • Sun JDK (Solaris Production Release) 1.6.0
  • Sun JDK (Solaris Production Release) 1.6.0 01
  • Sun JDK (Solaris Production Release) 1.6.0 01-B06
  • Sun JDK (Solaris Production Release) 1.6.0 02
  • Sun JDK (Solaris Production Release) 1.6.0 03
  • Sun JDK (Solaris Production Release) 1.6.0 04
  • Sun JDK (Solaris Production Release) 1.6.0 05
  • Sun JDK (Solaris Production Release) 1.6.0 06
  • Sun JDK (Solaris Production Release) 1.6.0 07
  • Sun JDK (Solaris Production Release) 1.6.0 10
  • Sun JDK (Solaris Production Release) 1.6.0 11
  • Sun JDK (Solaris Production Release) 1.6.0 13
  • Sun JDK (Solaris Production Release) 1.6.0 14
  • Sun JDK (Solaris Production Release) 1.6.0 15
  • Sun JDK (Solaris Production Release) 1.6.0 17
  • Sun JDK (Solaris Production Release) 1.6.0 18
  • Sun JDK (Solaris Production Release) 1.6.0 19
  • Sun JDK (Solaris Production Release) 1.6.0 20
  • Sun JDK (Solaris Production Release) 1.6.0_21
  • Sun JDK (Solaris Production Release) 1.6.0_22
  • Sun JDK (Solaris Production Release) 1.6.0_23
  • Sun JDK (Solaris Production Release) 1.6.0_24
  • Sun JDK (Solaris Production Release) 1.6.0_25
  • Sun JDK (Solaris Production Release) 1.6.0_26
  • Sun JDK (Solaris Production Release) 1.6.0_27
  • Sun JDK (Solaris Production Release) 1.6.0_28
  • Sun JDK (Solaris Production Release) 1.6.0_30
  • Sun JDK (Solaris Production Release) 1.6.0_32
  • Sun JDK (Solaris Production Release) 1.7.0
  • Sun JDK (Solaris Production Release) 1.7.0_2
  • Sun JDK (Solaris Production Release) 1.7.0_4
  • Sun JDK (Windows Production Release) 1.6.0
  • Sun JDK (Windows Production Release) 1.6.0 01
  • Sun JDK (Windows Production Release) 1.6.0 01-B06
  • Sun JDK (Windows Production Release) 1.6.0 02
  • Sun JDK (Windows Production Release) 1.6.0 03
  • Sun JDK (Windows Production Release) 1.6.0 04
  • Sun JDK (Windows Production Release) 1.6.0 05
  • Sun JDK (Windows Production Release) 1.6.0 06
  • Sun JDK (Windows Production Release) 1.6.0 07
  • Sun JDK (Windows Production Release) 1.6.0 10
  • Sun JDK (Windows Production Release) 1.6.0 11
  • Sun JDK (Windows Production Release) 1.6.0 13
  • Sun JDK (Windows Production Release) 1.6.0 14
  • Sun JDK (Windows Production Release) 1.6.0 15
  • Sun JDK (Windows Production Release) 1.6.0 17
  • Sun JDK (Windows Production Release) 1.6.0 18
  • Sun JDK (Windows Production Release) 1.6.0 19
  • Sun JDK (Windows Production Release) 1.6.0 20
  • Sun JDK (Windows Production Release) 1.6.0_21
  • Sun JDK (Windows Production Release) 1.6.0_22
  • Sun JDK (Windows Production Release) 1.6.0_23
  • Sun JDK (Windows Production Release) 1.6.0_24
  • Sun JDK (Windows Production Release) 1.6.0_25
  • Sun JDK (Windows Production Release) 1.6.0_26
  • Sun JDK (Windows Production Release) 1.6.0_27
  • Sun JDK (Windows Production Release) 1.6.0_28
  • Sun JDK (Windows Production Release) 1.6.0_30
  • Sun JDK (Windows Production Release) 1.6.0_32
  • Sun JDK (Windows Production Release) 1.7.0
  • Sun JDK (Windows Production Release) 1.7.0_2
  • Sun JDK (Windows Production Release) 1.7.0_4
  • Sun JRE (Linux Production Release) 1.6.0
  • Sun JRE (Linux Production Release) 1.6.0 01
  • Sun JRE (Linux Production Release) 1.6.0 02
  • Sun JRE (Linux Production Release) 1.6.0 03
  • Sun JRE (Linux Production Release) 1.6.0 04
  • Sun JRE (Linux Production Release) 1.6.0 05
  • Sun JRE (Linux Production Release) 1.6.0 06
  • Sun JRE (Linux Production Release) 1.6.0 07
  • Sun JRE (Linux Production Release) 1.6.0 10
  • Sun JRE (Linux Production Release) 1.6.0 11
  • Sun JRE (Linux Production Release) 1.6.0 12
  • Sun JRE (Linux Production Release) 1.6.0 13
  • Sun JRE (Linux Production Release) 1.6.0 14
  • Sun JRE (Linux Production Release) 1.6.0 15
  • Sun JRE (Linux Production Release) 1.6.0 17
  • Sun JRE (Linux Production Release) 1.6.0 18
  • Sun JRE (Linux Production Release) 1.6.0 19
  • Sun JRE (Linux Production Release) 1.6.0 20
  • Sun JRE (Linux Production Release) 1.6.0_21
  • Sun JRE (Linux Production Release) 1.6.0_22
  • Sun JRE (Linux Production Release) 1.6.0_23
  • Sun JRE (Linux Production Release) 1.6.0_24
  • Sun JRE (Linux Production Release) 1.6.0_25
  • Sun JRE (Linux Production Release) 1.6.0_26
  • Sun JRE (Linux Production Release) 1.6.0_27
  • Sun JRE (Linux Production Release) 1.6.0_28
  • Sun JRE (Linux Production Release) 1.6.0_30
  • Sun JRE (Linux Production Release) 1.6.0_31
  • Sun JRE (Linux Production Release) 1.6.0_32
  • Sun JRE (Linux Production Release) 1.7
  • Sun JRE (Linux Production Release) 1.7.0_2
  • Sun JRE (Linux Production Release) 1.7.0_4
  • Sun JRE (Solaris Production Release) 1.6.0
  • Sun JRE (Solaris Production Release) 1.6.0 01
  • Sun JRE (Solaris Production Release) 1.6.0 02
  • Sun JRE (Solaris Production Release) 1.6.0 03
  • Sun JRE (Solaris Production Release) 1.6.0 04
  • Sun JRE (Solaris Production Release) 1.6.0 05
  • Sun JRE (Solaris Production Release) 1.6.0 06
  • Sun JRE (Solaris Production Release) 1.6.0 07
  • Sun JRE (Solaris Production Release) 1.6.0 10
  • Sun JRE (Solaris Production Release) 1.6.0 11
  • Sun JRE (Solaris Production Release) 1.6.0 12
  • Sun JRE (Solaris Production Release) 1.6.0 13
  • Sun JRE (Solaris Production Release) 1.6.0 14
  • Sun JRE (Solaris Production Release) 1.6.0 15
  • Sun JRE (Solaris Production Release) 1.6.0 17
  • Sun JRE (Solaris Production Release) 1.6.0 18
  • Sun JRE (Solaris Production Release) 1.6.0 19
  • Sun JRE (Solaris Production Release) 1.6.0 2
  • Sun JRE (Solaris Production Release) 1.6.0_21
  • Sun JRE (Solaris Production Release) 1.6.0_22
  • Sun JRE (Solaris Production Release) 1.6.0_23
  • Sun JRE (Solaris Production Release) 1.6.0_24
  • Sun JRE (Solaris Production Release) 1.6.0_25
  • Sun JRE (Solaris Production Release) 1.6.0_26
  • Sun JRE (Solaris Production Release) 1.6.0_27
  • Sun JRE (Solaris Production Release) 1.6.0_28
  • Sun JRE (Solaris Production Release) 1.6.0_30
  • Sun JRE (Solaris Production Release) 1.6.0_31
  • Sun JRE (Solaris Production Release) 1.6.0_32
  • Sun JRE (Solaris Production Release) 1.7
  • Sun JRE (Solaris Production Release) 1.7.0_2
  • Sun JRE (Solaris Production Release) 1.7.0_4
  • Sun JRE (Windows Production Release) 1.6.0
  • Sun JRE (Windows Production Release) 1.6.0 01
  • Sun JRE (Windows Production Release) 1.6.0 02
  • Sun JRE (Windows Production Release) 1.6.0 03
  • Sun JRE (Windows Production Release) 1.6.0 04
  • Sun JRE (Windows Production Release) 1.6.0 05
  • Sun JRE (Windows Production Release) 1.6.0 06
  • Sun JRE (Windows Production Release) 1.6.0 07
  • Sun JRE (Windows Production Release) 1.6.0 10
  • Sun JRE (Windows Production Release) 1.6.0 11
  • Sun JRE (Windows Production Release) 1.6.0 12
  • Sun JRE (Windows Production Release) 1.6.0 13
  • Sun JRE (Windows Production Release) 1.6.0 14
  • Sun JRE (Windows Production Release) 1.6.0 15
  • Sun JRE (Windows Production Release) 1.6.0 17
  • Sun JRE (Windows Production Release) 1.6.0 18
  • Sun JRE (Windows Production Release) 1.6.0 19
  • Sun JRE (Windows Production Release) 1.6.0 2
  • Sun JRE (Windows Production Release) 1.6.0 20
  • Sun JRE (Windows Production Release) 1.6.0_21
  • Sun JRE (Windows Production Release) 1.6.0_22
  • Sun JRE (Windows Production Release) 1.6.0_23
  • Sun JRE (Windows Production Release) 1.6.0_24
  • Sun JRE (Windows Production Release) 1.6.0_25
  • Sun JRE (Windows Production Release) 1.6.0_26
  • Sun JRE (Windows Production Release) 1.6.0_27
  • Sun JRE (Windows Production Release) 1.6.0_28
  • Sun JRE (Windows Production Release) 1.6.0_30
  • Sun JRE (Windows Production Release) 1.6.0_31
  • Sun JRE (Windows Production Release) 1.6.0_32
  • Sun JRE (Windows Production Release) 1.7
  • Sun JRE (Windows Production Release) 1.7.0_2
  • Sun JRE (Windows Production Release) 1.7.0_4

References

  • BugTraq: 53136
  • CVE: CVE-2012-0551

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.