6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.2%
According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.29, 3.0.1.x prior to 3.0.1.14, or 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by a remote code execution vulnerability in the Java Server Faces component subcomponent. An authenticated, remote attacker can exploit this to execute arbitrary code.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(94161);
script_version("1.8");
script_cvs_date("Date: 2019/11/14");
script_cve_id("CVE-2016-5519");
script_bugtraq_id(93698);
script_name(english:"Oracle GlassFish Server 2.1.1.x < 2.1.1.29 / 3.0.1.x < 3.0.1.14 / 3.1.2.x < 3.1.2.15 Java Server Faces RCE (October 2016 CPU)");
script_summary(english:"Checks the version of Oracle GlassFish.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a remote code execution
vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle GlassFish
Server running on the remote host is 2.1.1.x prior to 2.1.1.29,
3.0.1.x prior to 3.0.1.14, or 3.1.2.x prior to 3.1.2.15. It is,
therefore, affected by a remote code execution vulnerability in the
Java Server Faces component subcomponent. An authenticated, remote
attacker can exploit this to execute arbitrary code.");
# http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle GlassFish Server version 2.1.1.29 / 3.0.1.14 / or
3.1.2.15 as referenced in the October 2016 Oracle Critical Patch
Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5519");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("glassfish_detect.nasl");
script_require_keys("www/glassfish");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("glassfish.inc");
#
# Main
#
# Check for GlassFish
get_kb_item_or_exit('www/glassfish');
port = get_glassfish_port(default:8080);
# Get the version number out of the KB.
ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");
# Set appropriate fixed versions.
if (ver =~ "^3\.1\.2") fix = "3.1.2.15";
else if (ver =~ "^3\.0\.1") fix = "3.0.1.14";
else if (ver =~ "^2\.1\.1") fix = "2.1.1.29";
if (!empty_or_null(ver) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
report =
'\n Version source : ' + banner +
'\n Installed version : ' + pristine +
'\n Fixed version : ' + fix +
'\n';
security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | glassfish_server | cpe:/a:oracle:glassfish_server |
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.2%