
Security Advisory – SOS-11-009 – Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability

Release Date: 19-Jul-2011

Last Update:

Vendor Notification Date: 23-Mar-2011

Product: Sun GlassFish Enterprise Server

Platform: Java EE

Affected versions: 2.1.1 ((v2.1 Patch06)(9.1_02 Patch12))(build b31g-fcs) verified, possibly others

Severity Rating: Medium

Impact: Cookie/credential theft, impersonation, loss of confidentiality

Attack Vector: Remote without authentication

Solution Status: Vendor patch

CVE reference: CVE-2011-2260
Oracle Bug ID: 7030596


GlassFish is an open source application server project led by Sun Microsystems for the Java EE platform. The proprietary version is called Sun GlassFish Enterprise Server. GlassFish supports all Java EE API specifications, such as JDBC, RMI, e-mail, JMS, web services and XML, and defines how they are coordinated.

Please refer to the PDF version of this advisory for proof of concept code examples.

Solution

Apply the vendor patch.

Discovered By

Sense of Security Labs.
