Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310902286
HistoryFeb 07, 2011 - 12:00 a.m.

Oracle Java GlassFish Server Privilege Escalation Vulnerability

2011-02-0700:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
33

CVSS2

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:P/I:P/A:C

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON

GlassFish Server is prone to a privilege escalation vulnerability.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:oracle:glassfish_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902286");
  script_version("2024-03-04T14:37:58+0000");
  script_tag(name:"last_modification", value:"2024-03-04 14:37:58 +0000 (Mon, 04 Mar 2024)");
  script_tag(name:"creation_date", value:"2011-02-07 15:21:16 +0100 (Mon, 07 Feb 2011)");
  script_cve_id("CVE-2010-4438");
  script_tag(name:"cvss_base", value:"5.7");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:P/I:P/A:C");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Oracle Java GlassFish Server Privilege Escalation Vulnerability");

  script_xref(name:"URL", value:"http://secunia.com/advisories/42988");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/45890");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/64813");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2011/0155");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html");

  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("GlassFish_detect.nasl");
  script_mandatory_keys("GlassFish/installed");

  script_tag(name:"impact", value:"Successful exploitation could allow local attackers to affect confidentiality
and integrity via unknown vectors.");

  script_tag(name:"affected", value:"Oracle GlassFish version 2.1, 2.1.1 and 3.0.1");

  script_tag(name:"insight", value:"The issue is caused by an unspecified error related to the Java Message
Service, which could allow local attackers to disclose or manipulate certain information, or create a denial of
service condition.");

  script_tag(name:"summary", value:"GlassFish Server is prone to a privilege escalation vulnerability.");

  script_tag(name:"solution", value:"Apply the security updates.");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!version = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version_is_equal(version: version, test_version:"3.0.1") ||
    version_in_range(version: version, test_version:"2.1", test_version2:"2.1.1")) {
  report = report_fixed_ver( installed_version: version, fixed_version: "See references");
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

nessus 6
ubuntucve 1
prion 1
nvd 1
cve 1
openvas 1
cvelist 1
debiancve 1
securityvulns 1
oracle 1
nessus
nessus
Solaris 10 (x86) : 127413-16 (deprecated)
2013-12-28 00:00:00
Solaris 9 (x86) : 127413-16
2013-12-28 00:00:00
Solaris 10 (x86) : 127413-16
2018-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2010-4438
2011-01-19 00:00:00
prion
prion
Buffer overflow
2011-01-19 17:00:00
nvd
nvd
CVE-2010-4438
2011-01-19 17:00:02
cve
cve
CVE-2010-4438
2011-01-19 17:00:02
openvas
openvas
Oracle Java GlassFish Server Privilege Escalation Vulnerability
2011-02-07 00:00:00
cvelist
cvelist
CVE-2010-4438
2011-01-19 16:00:00
debiancve
debiancve
CVE-2010-4438
2011-01-19 17:00:00
securityvulns
securityvulns
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
2011-02-26 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00

CVSS2

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:P/I:P/A:C

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON
Related for OPENVAS:1361412562310902286
nessus6ubuntucve1prion1nvd1cve1openvas1cvelist1debiancve1securityvulns1oracle1