CVE-2017-1000028 – Oracle Glassfish OSE 4.1 - Path Traversal
https://notcve.org/view.php?id=CVE-2017-1000028
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. Oracle, GlassFish Server Open Source Edition versión 4.1 es vulnerable a directorios identificados y no autorizados, que puede operarse emitiendo una petición GET de HTTP especialmente creada. • https://www.exploit-db.com/exploits/45198 https://www.exploit-db.com/exploits/39441 https://www.exploit-db.com/exploits/45196 https://github.com/NeonNOXX/CVE-2017-1000028 https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-1000029
https://notcve.org/view.php?id=CVE-2017-1000029
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. Oracle, GlassFish Server Open Source Edition versión 3.0.1 (build 22), es susceptible a la vulnerabilidad de Inclusión de Archivos Locales, que hace posible incluir archivos arbitrarios en el servidor, esta vulnerabilidad puede ser explotada sin ninguna autenticación previa. • https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-3626
https://notcve.org/view.php?id=CVE-2017-3626
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97896 http://www.securitytracker.com/id/1038293 •
CVE-2017-3250
https://notcve.org/view.php?id=CVE-2017-3250
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95480 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5528
https://notcve.org/view.php?id=CVE-2016-5528
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95478 •