Oracle GlassFish Administration Console XSS (May 4, 2012)

GlassFish is an open-source application server project started by Sun Microsystems for the Java EE platform and now sponsored by Oracle Corporation. It is the reference implementation of Java EE and as such supports Enterprise JavaBeans, JPA, JavaServer Faces, JMS, RMI, JavaServer Pages, servlets, etc. The Administration Console provided in Oracle GlassFish is a browser-based utility that offers a graphical interface for administrative tasks. By default, the Administration Console listens on TCP port 4848.

Multiple cross-site scripting vulnerabilities have been reported in the Oracle GlassFish Administration Console. Specifically, several JavaServer Faces resources in the Administration Console do not properly sanitize incoming request parameter values before rendering them into the page output.

An attacker could exploit this vulnerability by embedding malicious script code in a URL and enticing the target user to open the URL in a browser. Successful exploitation would allow the attacker to steal the target user's private information, such as the username, password and session cookie. The attacker could then use those credentials to gain full access to the administrator's account and the underlying GlassFish server.

The vulnerability has been assigned CVE-2012-0551.

SonicWALL has released multiple IPS signatures to detect and block specific exploitation attempts targeting this vulnerability. The signatures are listed below:

  • 7762 Oracle GlassFish Administration Console XSS 1
  • 7763 Oracle GlassFish Administration Console XSS 2
  • 7764 Oracle GlassFish Administration Console XSS 3
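The two halves of this advisory, a reflected parameter rendered without output encoding and a signature that inspects requests to the console port, can be shown side by side. The following Python is an added example, not code from the advisory or from GlassFish: `render_vulnerable` and `render_hardened` are illustrative stand-ins for a JSF resource (not GlassFish's own code), the log format, paths and parameter names are constructed placeholders, and the marker regex is an assumed approximation of what an IPS signature looks for rather than the content of signatures 7762-7764.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

ADMIN_PORT = 4848  # default Administration Console port named in the advisory


def render_vulnerable(value: str) -> str:
    """Reflect a request parameter into the page with no output encoding.

    This is the flaw class the advisory describes (an illustrative stand-in,
    not GlassFish's own JSF code): whatever arrives in the parameter becomes
    part of the HTML the browser parses.
    """
    return f"<h1>Results for {value}</h1>"


def render_hardened(value: str) -> str:
    """Same page with HTML entity encoding applied at the output point.

    '<', '>', '&' and quotes become entities, so the parameter can only be
    displayed as text; it can no longer open a tag or an attribute.
    """
    return f"<h1>Results for {html.escape(value, quote=True)}</h1>"


# Markers that commonly indicate script injection inside a reflected parameter.
# Assumed approximation of a signature; not the actual SonicWALL signature content.
SCRIPT_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE
)

# Constructed log format (hypothetical, not a GlassFish log format):
#   <client_ip> <dst_port> "<METHOD> <uri> HTTP/1.1" <status>
LOG_RE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+) HTTP/[\d.]+" (\d+)$')


def inspect_request(log_line: str):
    """Return (flagged, reason) for one log line.

    Only requests to the admin console port are examined; each query
    parameter is URL-decoded and checked for script markers, mirroring
    what a signature-based IPS does for this vulnerability class.
    """
    m = LOG_RE.match(log_line)
    if not m:
        return False, "unparseable line"
    client, port, method, uri, status = m.groups()
    if int(port) != ADMIN_PORT:
        return False, "not the admin console port"
    query = urlsplit(uri).query
    # parse_qs decodes percent-encoding and '+', so encoded payloads are seen in clear
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for v in values:
            if SCRIPT_MARKERS.search(v):
                return True, f"script marker in parameter '{name}' from {client}"
    return False, "no script marker"


# Constructed sample traffic: addresses, paths and parameter names are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 4848 "GET /admin/view.jsf?name=server1 HTTP/1.1" 200',
    '10.0.0.5 4848 "GET /admin/view.jsf?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200',
    '10.0.0.9 8080 "GET /app/page.jsf?q=%3Cscript%3E HTTP/1.1" 200',
    '10.0.0.7 4848 "GET /admin/list.jsf?sort=x%22+onmouseover%3Dalert(1)+%22 HTTP/1.1" 200',
]


def flagged_lines(lines):
    """Return the reason string for every line that trips the check."""
    return [reason for line in lines
            for flagged, reason in [inspect_request(line)] if flagged]


if __name__ == "__main__":
    print(render_vulnerable("<b>x</b>"))  # tag survives: a browser would interpret it
    print(render_hardened("<b>x</b>"))    # &lt;b&gt;x&lt;/b&gt;: rendered as text
    for r in flagged_lines(SAMPLE_LOG):
        print("ALERT:", r)
```

Two points are worth noting for defenders. The fix belongs at the output point (`render_hardened`), because a parameter that looks harmless at the request stage can still be dangerous once concatenated into markup, and encoding must match the context it lands in (HTML body here; attribute or JavaScript contexts need their own encoders). The inspection check decodes parameters before matching, because the third sample line shows the same marker would be missed if only the raw percent-encoded URI were examined; the port filter is what keeps the check scoped to the Administration Console the advisory is about.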