CVE-2012-3155
https://notcve.org/view.php?id=CVE-2012-3155
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. Vulnerabilidad no especificada en el componente CORBA ORB de Sun GlassFish Enterprise Server v2.1.1, Sun GlassFish Enterprise Server v3.0.1 y v3.1.2 y Sun Java Application Server System v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad, en relación con CORBA ORB. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/56073 http://www.securitytracker.com/id?1027676 •
CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle Sun GlassFish Enterprise Server v2.1, v2.1.1 y v3.0.1, y Sun Java System Application Server v9.1, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la Administración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception allowing the request to proceed without authentication. • https://www.exploit-db.com/exploits/17615 http://securityreason.com/securityalert/8327 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - •
CVE-2010-0386
https://notcve.org/view.php?id=CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. La configuración por defecto de Sun Java System Application Server v7 y v7 2004Q2 activa el método HTTP TRACE, lo que provoca que sea mas sencillo para un atacante remoto robar las cookies y credenciales de autenticación a través de un ataque de seguimiento de trazas en sitios cruzados (XST), está relacionado con CVE-2004-2763 y CVE-2005-3398. • http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 • CWE-16: Configuration •
CVE-2009-0278
https://notcve.org/view.php?id=CVE-2009-0278
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. Sun Java System Application Server (AS) 8.1 y 8.2 permite a atacantes remotos leer los ficheros de configuración de las aplicaciones Web en los directorios (1) WEB-INF o (2) META-INF mediante una solicitud mal formada. • http://osvdb.org/51604 http://secunia.com/advisories/33725 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1 http://www.securityfocus.com/bid/33397 http://www.vupen.com/english/advisories/2009/0208 https://exchange.xforce.ibmcloud.com/vulnerabilities/48161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-5266 – Sun GlassFish 2.1 - 'name' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5266
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en configuration/httpListenerEdit.jsf en la interfaz GlassFish 2 UR2 b04 webadmin en Sun Java System Application Server v9.1_01 build b09d-fcs y v9.1_02 build b04-fcs permite a atacantes remotos inyectar web script o HTML a través del parámetro "name", un vector diferente a CVE-2008-2751. • https://www.exploit-db.com/exploits/31901 http://secunia.com/advisories/30604 http://securityreason.com/securityalert/4659 http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application http://www.securityfocus.com/archive/1/493243/100/0/threaded http://www.securityfocus.com/bid/29646 https://exchange.xforce.ibmcloud.com/vulnerabilities/47029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •