Lucene search

[email protected]CVE-2017-1000030

HistoryJul 17, 2017 - 1:18 p.m.

CVE-2017-1000030

2017-07-1713:18:16

CWE-287

[email protected]

web.nvd.nist.gov

oracle

glassfish server

cve-2017-1000030

java key store

password disclosure

nvd

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

Affected configurations

NVD

Node

oracleglassfish_serverMatch3.0.1open_source

CPENameOperatorVersion
oracle:glassfish_serveroracle glassfish servereq3.0.1

CPE	Name	Operator	Version
oracle:glassfish_server	oracle glassfish server	eq	3.0.1

References

www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2017-1000030

ubuntucve1 prion1 nvd1 debiancve1 cvelist1 openvas1 nessus1