admin@glassfish.java.net

Re: Some vulnerabilities in webadmin

From: Eduardo Jorge <serrano.neves_at_gmail.com>
Date: Mon, 16 Jun 2008 21:25:43 -0300

Ken,

I know that it is exploitable only when logged in to the admin interface.

Thanks for your attention.

Happy hacking! :)

On Mon, Jun 16, 2008 at 9:20 PM, Ken Paulsen <Ken.Paulsen_at_sun.com> wrote:
>
> Hi Eduardo,
>
> Thanks for pointing these out. We did see this brought up last week. These
> issues have been evaluated and will be fixed. However, none of them (that I
> am aware of) are exploitable without being logged into the admin console.
>
> Thanks!
>
> Ken Paulsen
>
> Eduardo Jorge wrote:
>>
>> Hi,
>>
>> I've found some vulnerabilities in the GlassFish webadmin interface; please
>> see more details in my blog
>>
>> http://webappsecurity.wordpress.com/2008/06/14/multiple-xss-in-glassfish/
>>
>> http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/
>>
>>
>



-- 
|_|0|_| Serrano Neves - a.k.a eth0
|_|_|0| http://webappsecurity.wordpress.com
|0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds