nessus | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. | GLASSFISH_CPU_JAN_2016.NASL
History: Jan 20, 2016 - 12:00 a.m.

Oracle GlassFish Embedded Server Vulnerabilities (January 2016 CPU)

2016-01-20 00:00:00
This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:C/I:C/A:P

0.001 Low

EPSS

Percentile

49.5%

The version of Oracle GlassFish Server running on the remote host is affected by multiple vulnerabilities due to unspecified flaws related to the Embedded Server subcomponent. A remote attacker can exploit these to impact availability, integrity, and confidentiality. No further details have been provided by the vendor.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block. When the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script exits (exit(0) at
# the end of the block) before any of the checks further down run.
if (description)
{
  script_id(88022);
  script_version("1.9");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  # Both CVEs are covered by the single version comparison in the main body;
  # the plugin does not distinguish between them.
  script_cve_id("CVE-2016-0441", "CVE-2016-0453");

  script_name(english:"Oracle GlassFish Embedded Server Vulnerabilities (January 2016 CPU)");
  script_summary(english:"Checks the version of Oracle GlassFish.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple unspecified
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle GlassFish Server running on the remote host is
affected by multiple vulnerabilities due to unspecified flaws related
to the Embedded Server subcomponent. A remote attacker can exploit
these to impact availability, integrity, and confidentiality. No
further details have been provided by the vendor.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle GlassFish Server version 3.1.2.14 or later as
referenced in the January 2016 Oracle Critical Patch Update advisory.");
  # CVSS v2 base vector: network-reachable (AV:N), high access complexity
  # (AC:H), one authentication step required (Au:S), complete confidentiality
  # and integrity impact (C:C/I:C), partial availability impact (A:P).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:P");
  # Temporal vector: exploitability unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C). This matches the two exploit attributes
  # set just below.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d13bbe45");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/20");

  # "remote" plugin type: the result comes from what the service exposes over
  # the network, not from a local/credentialed inspection of the install.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
  script_end_attributes();

  # Information-gathering category; the main body only reads KB items and
  # compares version strings.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: run after glassfish_detect.nasl and only when that
  # detection left the "www/glassfish" key in the KB. The accuracy of this
  # plugin therefore depends entirely on that detection script.
  script_dependencies("glassfish_detect.nasl");
  script_require_keys("www/glassfish");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("glassfish.inc");

#
# Main
#

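# Main check. The verdict is based only on the GlassFish version string that
# earlier detection stored in the KB; nothing below examines the Embedded
# Server subcomponent itself. A finding therefore means "reported version is
# older than the fixed release", not "flaw confirmed on this host".

# Stop unless GlassFish was detected on this host.
get_kb_item_or_exit('www/glassfish');

port = get_glassfish_port(default:8080);

# Per-port detection results from the KB: the version used for comparison,
# the source the version was taken from, and the "pristine" version string
# shown in the report (presumably the version exactly as the server reported
# it; confirm against glassfish_detect.nasl).
ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");

# Set appropriate fixed versions.
# Only the 3.1.2.x branch has a fixed release listed in this plugin. Start
# from NULL so that every other branch is handled explicitly instead of
# handing an unassigned variable to ver_compare().
fix = NULL;
if (ver =~ "^3\.1\.2") fix = "3.1.2.14";

# NOTE(review): versions outside 3.1.2.x fall through to the "not vulnerable"
# audit below simply because no fixed release is listed for them here; that
# is not the same as those branches having been assessed. Confirm against the
# January 2016 CPU advisory which branches are in scope.
if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + banner +
      '\n  Installed version : ' + pristine +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);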
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| oracle | glassfish_server | | cpe:/a:oracle:glassfish_server |

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:C/I:C/A:P

0.001 Low

EPSS

Percentile

49.5%
