Glassfish Server@2.1.1 Security Vulnerabilities and Issues — Glassfish Server@2.1.1 CVE List

Lucene search

OracleGlassfish Server2.1.1

16 matches found

CVE•added 2015/11/05 5:59 a.m.•239 views

CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possib...

9.8CVSS10AI score0.2424EPSS

CVE•added 2016/03/13 6:59 p.m.•205 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.03012EPSS

CVE•added 2011/04/20 3:14 a.m.•142 views

CVE-2011-0807

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

10CVSS5.9AI score0.88889EPSS

CVE•added 2013/02/08 7:55 p.m.•133 views

CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.7AI score0.01291EPSS

CVE•added 2011/12/30 1:55 a.m.•129 views

CVE-2011-5035

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers...

5CVSS8.9AI score0.52412EPSS

CVE•added 2017/01/27 10:59 p.m.•75 views

CVE-2016-5528

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise O...

9CVSS8.9AI score0.00913EPSS

CVE•added 2017/01/27 10:59 p.m.•65 views

CVE-2017-3250

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish ...

7.5CVSS7AI score0.00713EPSS

CVE•added 2016/10/25 2:29 p.m.•63 views

CVE-2016-5519

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces.

8.8CVSS7.4AI score0.01101EPSS

CVE•added 2011/10/18 10:55 p.m.•58 views

CVE-2011-3559

Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container.

7.8CVSS5.8AI score0.00955EPSS

CVE•added 2012/10/16 11:55 p.m.•58 views

CVE-2012-3155

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.

5CVSS6.3AI score0.0082EPSS

CVE•added 2017/01/27 10:59 p.m.•56 views

CVE-2017-3249

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish ...

7.5CVSS7AI score0.0076EPSS

CVE•added 2016/07/21 10:15 a.m.•54 views

CVE-2016-5477

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

5.8CVSS5AI score0.00348EPSS

CVE•added 2017/01/27 10:59 p.m.•53 views

CVE-2017-3247

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Serv...

4.3CVSS4.6AI score0.00506EPSS

CVE•added 2010/07/13 10:30 p.m.•46 views

CVE-2010-2397

Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI.

2.4CVSS5.7AI score0.00052EPSS

CVE•added 2008/06/18 7:41 p.m.•45 views

CVE-2008-2751

Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...

4.3CVSS5.7AI score0.00478EPSS

CVE•added 2011/01/19 5:0 p.m.•37 views

CVE-2010-4438

Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).

5.7CVSS5.6AI score0.00132EPSS