CVSS: 7.5EPSS: 97%CPEs: 1EXPL: 5CVE-2017-1000028 – Oracle Glassfish OSE 4.1 - Path Traversal
https://notcve.org/view.php?id=CVE-2017-1000028
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. Oracle, GlassFish Server Open Source Edition versión 4.1 es vulnerable a directorios identificados y no autorizados, que puede operarse emitiendo una petición GET de HTTP especialmente creada. • https://www.exploit-db.com/exploits/45198 https://www.exploit-db.com/exploits/39441 https://www.exploit-db.com/exploits/45196 https://github.com/NeonNOXX/CVE-2017-1000028 https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4438
https://notcve.org/view.php?id=CVE-2010-4438
Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). Vulnerabilidad no especificada en Oracle GlassFish v2.1, v2.1.1 y v3.0.1, y Java System Message Queue v4.1 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con Java Message Service (JMS). • http://osvdb.org/70572 http://osvdb.org/70573 http://secunia.com/advisories/42988 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45890 http://www.vupen.com/english/advisories/2011/0155 https://exchange.xforce.ibmcloud.com/vulnerabilities/64813 •