Oracle GlassFish Server 3.0.1 / 3.1.2 Unspecified Vulnerability (January 2015 CPU)

Nessus Network Monitor Plugin ID 9001 (severity: high)

Synopsis

The remote web server is affected by an unspecified vulnerability.

Description

Oracle GlassFish versions 3.0.1 and 3.1.2 are affected by an unspecified vulnerability. A remote, unauthenticated attacker can exploit it with trivial effort to update, insert, or delete data on the GlassFish server without authorization. Successful exploitation may result in data loss or a denial of service condition.

Solution

Upgrade to GlassFish Server 3.0.1.10 / 3.1.2.10 or later.

See Also

http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html

Plugin Details

Severity: High

ID: 9001

Family: Web Servers

Published: 10/26/2015

Updated: 3/6/2019

Nessus ID: 80949

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:glassfish_server

Patch Publication Date: 1/20/2015

Vulnerability Publication Date: 1/20/2015

Reference Information

CVE: CVE-2015-0396

BID: 72121