Lucene search

[email protected]CVE-2017-1000028

HistoryJul 17, 2017 - 1:18 p.m.

CVE-2017-1000028

2017-07-1713:18:00

CWE-22

[email protected]

web.nvd.nist.gov

oracle

glassfish

server

4.1

cve

2017

1000028

directory traversal

vulnerability

http get

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

CPENameOperatorVersion
oracle:glassfish_serveroracle glassfish servereq4.1

CPE	Name	Operator	Version
oracle:glassfish_server	oracle glassfish server	eq	4.1

References

www.exploit-db.com/exploits/45196/

www.exploit-db.com/exploits/45198/

www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Related for CVE-2017-1000028

openvas2 debiancve1 prion1 nessus1 ubuntucve1 packetstorm1 cvelist1 nuclei1