CVE-2012-0551

Oracle Java SE <7u4 & <6u32 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0551. PoCs published by Roberto Suggi Liverani.

AI-analyzed exploit summary This document describes multiple XSS vulnerabilities in Oracle GlassFish Server 3.1.1, including both reflected and stored XSS, and provides a JavaScript-based exploit to steal session tokens via the REST interface.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.

Exploits (1)

exploitdb WRITEUP

by Roberto Suggi Liverani · textwebappswindows

https://www.exploit-db.com/exploits/18764

View Code ZIP pw:eip

This document describes multiple XSS vulnerabilities in Oracle GlassFish Server 3.1.1, including both reflected and stored XSS, and provides a JavaScript-based exploit to steal session tokens via the REST interface.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Oracle GlassFish Server 3.1.1 (build 12)

Auth required

Prerequisites: Authenticated access to the GlassFish administrative interface · Victim interaction for reflected XSS or stored XSS payload execution

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16707

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-0734.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1026941

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=134496371727681&w=2

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1455.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1456.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53136

Scores

EPSS 0.1152

EPSS Percentile 95.5%

Details

Status published

Products (10)

oracle/glassfish_server 3.1.1

oracle/jdk 1.6.0 update22 (9 CPE variants)

oracle/jdk 1.7.0 (4 CPE variants)

oracle/jdk < 1.6.0

oracle/jdk < 1.7.0

oracle/jre 1.6.0 update22 (9 CPE variants)

oracle/jre 1.7.0 (4 CPE variants)

oracle/jre < 1.6.0

oracle/jre < 1.7.0

sun/jdk 1.6.0 (19 CPE variants)

Published May 03, 2012

Tracked Since Feb 18, 2026