CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
35.9%
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion
Middleware (subcomponent: Security). Supported versions that are affected
are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise Oracle
GlassFish Server. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of Oracle GlassFish
Server accessible data as well as unauthorized read access to a subset of
Oracle GlassFish Server accessible data and unauthorized ability to cause a
partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS
v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixFMW
launchpad.net/bugs/cve/CVE-2017-3250
nvd.nist.gov/vuln/detail/CVE-2017-3250
security-tracker.debian.org/tracker/CVE-2017-3250
www.cve.org/CVERecord?id=CVE-2017-3250
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
35.9%