ID CVE-2013-3827
Summary Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
References
Vulnerable Configurations
  • Oracle Fusion Middleware 11.1.2.3.0
    cpe:2.3:a:oracle:fusion_middleware:11.1.2.3.0
  • Oracle Fusion Middleware 11.1.2.4.0
    cpe:2.3:a:oracle:fusion_middleware:11.1.2.4.0
  • Oracle Fusion Middleware 12.1.2.0.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.2.0.0
  • Oracle Fusion Middleware 12.1.1
    cpe:2.3:a:oracle:fusion_middleware:12.1.1
  • Oracle Fusion Middleware 10.3.6
    cpe:2.3:a:oracle:fusion_middleware:10.3.6
  • Oracle Fusion Middleware 2.1.1
    cpe:2.3:a:oracle:fusion_middleware:2.1.1
  • Oracle Fusion Middleware 3.0.1
    cpe:2.3:a:oracle:fusion_middleware:3.0.1
  • Oracle Fusion Middleware 3.1.2
    cpe:2.3:a:oracle:fusion_middleware:3.1.2
CVSS
Base: 5.0 (as of 16-10-2013 - 13:09)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
exploit-db via4
description Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access. CVE-2013-3827. Remote exploits for multiple pl...
id EDB-ID:38802
last seen 2016-02-04
modified 2013-10-15
published 2013-10-15
reporter Alex Kouzemtchenko
source https://www.exploit-db.com/download/38802/
title Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access
nessus via4
  • NASL family Web Servers
    NASL id GLASSFISH_CPU_OCT_2013.NASL
    description The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components:
      - Java Server Faces
      - Metro
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70482
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70482
    title Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU)
  • NASL family CGI abuses
    NASL id ORACLE_JAVASERVER_FACES_DIRECTORY_TRAVERSAL.NASL
    description The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities:
      - A defect exists in the handling of a resource identifier that allows for directory traversal within the application.
      - A defect exists in the handling of a library name that allows for directory traversal within the application.
      Note that the application may also be affected by a ViewState HMAC non-constant verification weakness; however, Nessus has not tested for this. Note that this plugin will only report the first vulnerable application.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70963
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70963
    title Oracle JavaServer Faces Multiple Partial Directory Traversals
redhat via4
advisories
rhsa
id RHSA-2014:0029
refmap via4
bid 63052
cert-vn VU#526012
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
sectrack 1029190
Last major update 30-12-2016 - 21:59
Published 16-10-2013 - 11:55