CVE-2013-3827
Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
Vulnerabilidad no especificada en el componente de Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2, el componente de Oracle JDeveloper de Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0 y 12.1.2.0. 0, y el componente de Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.1 que permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Java Server Faces o el Web Container.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-03 CVE Reserved
- 2013-10-15 First Exploit
- 2013-10-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.kb.cert.org/vuls/id/526012 | Third Party Advisory | |
http://www.securityfocus.com/bid/63052 | Vdb Entry | |
http://www.securitytracker.com/id/1029190 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38802 | 2013-10-15 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-0029.html | 2016-12-31 | |
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | 2016-12-31 | |
https://access.redhat.com/security/cve/CVE-2013-3827 | 2014-01-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1038898 | 2014-01-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 2.1.1 Search vendor "Oracle" for product "Fusion Middleware" and version "2.1.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 3.0.1 Search vendor "Oracle" for product "Fusion Middleware" and version "3.0.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 3.1.2 Search vendor "Oracle" for product "Fusion Middleware" and version "3.1.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 10.3.6 Search vendor "Oracle" for product "Fusion Middleware" and version "10.3.6" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 11.1.2.3.0 Search vendor "Oracle" for product "Fusion Middleware" and version "11.1.2.3.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 11.1.2.4.0 Search vendor "Oracle" for product "Fusion Middleware" and version "11.1.2.4.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 12.1.1 Search vendor "Oracle" for product "Fusion Middleware" and version "12.1.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 12.1.2.0.0 Search vendor "Oracle" for product "Fusion Middleware" and version "12.1.2.0.0" | - |
Affected
|