Showing posts with the label oracle glassfish

Oracle GlassFish Server - Multiple Cross Site Scripting Vulnerabilities

Following the disclosure of Oracle bugs, here is another bug found in Oracle GlassFish Server 3.1.1. The interesting part of this advisory is the exploit. When looking at the features of Oracle GlassFish Server, I noticed that with an XSS it would be possible to steal the session token and bypass the HttpOnly protection. I found this to be the case when a user is authenticated to the REST interface, which does not have the same security controls as the main web administrative interface. This is worth keeping in mind when testing applications that ship with both a standard interface and a REST interface.

Details
Vendor Site: Oracle (www.oracle.com)
Date: April 19th, 2012 – CVE-2012-0551
Affected Software: Oracle GlassFish Server 3.1.1 (build 12)
Researcher: Roberto Suggi Liverani
PDF version: http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf

Description
Security-Assessment.com has discover...
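The HttpOnly bypass described above comes down to one thing: the flag only hides the cookie from `document.cookie`, it does not stop the browser from attaching the cookie to a same-origin request that injected script makes, so any endpoint that echoes the session id back in a response body hands it to the XSS payload. The demo below is an added example, not code from the advisory or from GlassFish: it spins up a hypothetical admin app on a local port with a `/login` that sets an HttpOnly `JSESSIONID` and a constructed `/rest/session` endpoint that returns the caller's own session id as JSON, then shows that the script-visible cookie string is empty while the REST body yields the token. The path, cookie name and token value are all constructed for the example.

```python
"""Added demo: an HttpOnly cookie does not help when a REST endpoint echoes
the session token in a response body.  Constructed example, not GlassFish code."""
import json
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen

SESSION_ID = "constructed-session-token-0001"   # constructed sample value


class AdminHandler(BaseHTTPRequestHandler):
    """Hypothetical admin app: /login sets an HttpOnly cookie, /rest/session
    (the weak point, constructed path) returns the caller's own session id as JSON."""

    def log_message(self, *args):   # keep the demo quiet
        pass

    def do_GET(self):
        if self.path == "/login":
            body = b"<html>admin console</html>"
            self.send_response(200)
            self.send_header("Set-Cookie", f"JSESSIONID={SESSION_ID}; Path=/; HttpOnly")
            self.send_header("Content-Type", "text/html")
        elif self.path == "/rest/session":
            jar = SimpleCookie(self.headers.get("Cookie", ""))
            sid = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
            body = json.dumps({"sessionId": sid}).encode()
            self.send_response(200 if sid else 401)
            self.send_header("Content-Type", "application/json")
        else:
            body = b"not found"
            self.send_response(404)
            self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def start_server():
    """Bind to an ephemeral port so the demo never collides with a real service."""
    srv = HTTPServer(("127.0.0.1", 0), AdminHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def browser_cookie_jar(set_cookie_header):
    """Store Set-Cookie the way a browser does, remembering the HttpOnly flag."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return {name: (m.value, bool(m["httponly"])) for name, m in jar.items()}


def document_cookie(jar):
    """What injected script sees via document.cookie: HttpOnly cookies are hidden."""
    return "; ".join(f"{n}={v}" for n, (v, httponly) in jar.items() if not httponly)


def cookie_header(jar):
    """What the browser attaches to a same-origin request: every cookie, HttpOnly included."""
    return "; ".join(f"{n}={v}" for n, (v, _) in jar.items())


def steal_via_rest(base_url, jar):
    """The XSS payload's same-origin fetch of /rest/session; the browser adds the cookie
    itself, here we attach it explicitly because urllib is standing in for the browser."""
    req = Request(base_url + "/rest/session", headers={"Cookie": cookie_header(jar)})
    with urlopen(req) as resp:
        return json.loads(resp.read())["sessionId"]


def run_demo():
    """Log in, then compare the two channels the payload could use to read the token."""
    srv = start_server()
    base = f"http://127.0.0.1:{srv.server_port}"
    try:
        with urlopen(base + "/login") as resp:
            jar = browser_cookie_jar(resp.headers["Set-Cookie"])
        return {"document_cookie": document_cookie(jar),   # "" : HttpOnly did its job here
                "rest_body": steal_via_rest(base, jar)}    # the token, HttpOnly or not
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The check to carry into a pentest of any product with a console and a REST side by side: with a valid session, enumerate the REST responses for anything that mirrors the session identifier (or a CSRF token) back to the client, because that response body is readable from any XSS on the same origin regardless of cookie flags.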

Oracle GlassFish Server - REST CSRF

Time for some disclosure. Below are the details of a CSRF bug discovered in Oracle GlassFish Server 3.1.1 a few months ago. Interesting to observe that Oracle rates this as the third most critical bug fixed among the Oracle Sun products. I guess that is because of the exploit, which was included in the original report and which I am releasing as part of this advisory. I found a curious angle to exploit this bug, as arbitrary file upload of a WAR archive can be performed. A quite cool way to exploit a CSRF and own Oracle GlassFish, if you ask me :-). Enjoy.

Details
Vendor Site: Oracle (www.oracle.com)
Date: April 19th, 2012 – CVE-2012-0550
Affected Software: Oracle GlassFish Server 3.1.1 (build 12)
Researcher: Roberto Suggi Liverani
PDF version: http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf

Description
Security-Assessment.com has discovered that the Oracle GlassFish Server REST interface is vulnerable to C...