ID | CVE-2013-3827 |
Summary | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. |
Vulnerable Configurations |
- Oracle Fusion Middleware 11.1.2.3.0: cpe:2.3:a:oracle:fusion_middleware:11.1.2.3.0
- Oracle Fusion Middleware 11.1.2.4.0: cpe:2.3:a:oracle:fusion_middleware:11.1.2.4.0
- Oracle Fusion Middleware 12.1.2.0.0: cpe:2.3:a:oracle:fusion_middleware:12.1.2.0.0
- Oracle Fusion Middleware 12.1.1: cpe:2.3:a:oracle:fusion_middleware:12.1.1
- Oracle Fusion Middleware 10.3.6: cpe:2.3:a:oracle:fusion_middleware:10.3.6
- Oracle Fusion Middleware 2.1.1: cpe:2.3:a:oracle:fusion_middleware:2.1.1
- Oracle Fusion Middleware 3.0.1: cpe:2.3:a:oracle:fusion_middleware:3.0.1
- Oracle Fusion Middleware 3.1.2: cpe:2.3:a:oracle:fusion_middleware:3.1.2
|
CVSS |
Base: | 5.0 (as of 16-10-2013 - 13:09) |
Impact: | |
Exploitability: | |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | NONE | NONE |
|
exploit-db
via4
|
description | Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access. CVE-2013-3827. Remote exploits for multiple pl... |
id | EDB-ID:38802 |
last seen | 2016-02-04 |
modified | 2013-10-15 |
published | 2013-10-15 |
reporter | Alex Kouzemtchenko |
source | https://www.exploit-db.com/download/38802/ |
title | Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access |
|
nessus
via4
|
NASL family | CGI abuses |
NASL id | ORACLE_JAVASERVER_FACES_DIRECTORY_TRAVERSAL.NASL |
description | The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities:
- A defect exists in the handling of a resource identifier that allows for directory traversal within the application.
- A defect exists in the handling of a library name that allows for directory traversal within the application.
Note that the application may also be affected by a ViewState HMAC non-constant verification weakness; however, Nessus has not tested for this.
Note that this plugin will only report the first vulnerable application. |
last seen | 2019-01-16 |
modified | 2018-07-18 |
plugin id | 70963 |
published | 2013-11-19 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=70963 |
title | Oracle JavaServer Faces Multiple Partial Directory Traversals |

NASL family | Web Servers |
NASL id | GLASSFISH_CPU_OCT_2013.NASL |
description | The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components:
- Java Server Faces
- Metro |
last seen | 2019-01-16 |
modified | 2018-11-15 |
plugin id | 70482 |
published | 2013-10-17 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=70482 |
title | Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU) |
|
Last major update | 30-12-2016 - 21:59 |
Published | 16-10-2013 - 11:55 |