Oracle GlassFish Enterprise Server 'REST interface' Cross Site Request Forgery Vulnerability

Bugtraq ID:	53118
Class:	Design Error
CVE:	CVE-2012-0550
Remote:	Yes
Local:	No
Published:	Apr 17 2012 12:00AM
Updated:	Apr 19 2012 05:20PM
Credit:	Roberto Suggi Liverani
Vulnerable:	Oracle Glassfish Server 3.1.1
Not Vulnerable:

Oracle Sun Products Suite CVE-2012-0550 Remote GlassFish Enterprise Server Vulnerability

Oracle Sun Products Suite is prone to a remote vulnerability in GlassFish Enterprise Server.

The vulnerability can be exploited over the 'HTTP' protocol. The 'Web Container' sub component is affected.

This vulnerability affects the following supported versions:
GlassFish Enterprise Server 3.1.1

Oracle Sun Products Suite CVE-2012-0550 Remote GlassFish Enterprise Server Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Oracle Sun Products Suite CVE-2012-0550 Remote GlassFish Enterprise Server Vulnerability

Solution:
Vendor updates are available. Please contact the vendor for more information.

Oracle GlassFish Enterprise Server 'REST interface' Cross Site Request Forgery Vulnerability

References:

• Oracle GlassFish Server - REST CSRF (Roberto Suggi Liverani )
  
• Oracle Homepage (Oracle)
  
• REST Interface �?? Cross Site Request Forgery Vulnerabilit (Roberto Suggi Liverani)
  
• Oracle Critical Patch Update Advisory - April 2012 (Oracle)