Oracle GlassFish Server 2.1.1.x < 2.1.1.30 / 3.0.1.x < 3.0.1.15 / 3.1.2.x < 3.1.2.16 Multiple Vulnerabilities (January 2017 CPU)

2017-02-0900:00:00

Tenable

www.tenable.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

66.1%

JSON

Oracle GlassFish versions 2.1.1.x prior to 2.1.1.30, 3.0.1.x prior to 3.0.1.15, and 3.1.2.x prior to 3.1.2.16 are affected by the following vulnerabilities :

An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5528)
An unspecified flaw exists related to the Administration subcomponent. This may allow a local attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2017-3239)
An unspecified flaw exists related to the Core subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3247)
An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to have an impact on confidentiality, integrity, and availability. No further details have been provided by the vendor. (CVE-2017-3249)
An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to have an impact on confidentiality, integrity, and availability. No further details have been provided by the vendor. (CVE-2017-3250)