ID CVE-2015-2623
Summary Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.
References
Vulnerable Configurations
  • Oracle Fusion Middleware 3.1.2
    cpe:2.3:a:oracle:fusion_middleware:3.1.2
  • Oracle Fusion Middleware 3.0.1
    cpe:2.3:a:oracle:fusion_middleware:3.0.1
  • Oracle Fusion Middleware 10.3.6
    cpe:2.3:a:oracle:fusion_middleware:10.3.6
  • Oracle Fusion Middleware 12.1.1
    cpe:2.3:a:oracle:fusion_middleware:12.1.1
  • Oracle Fusion Middleware 12.1.2.0.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.2.0.0
  • Oracle Fusion Middleware 12.1.3.0.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0
CVSS
Base: 4.3 (as of 16-07-2015 - 11:13)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
NASL family Web Servers
NASL id GLASSFISH_CPU_JUL_2015.NASL
description The version of Oracle GlassFish Server running on the remote host is affected by multiple vulnerabilities:
  - A security bypass vulnerability exists in the bundled Network Security Services (NSS) library because the definite_length_decoder() function, in file quickder.c, does not properly form the DER encoding of an ASN.1 length. A remote attacker, by using a long byte sequence for an encoding, can exploit this issue to conduct undetected smuggling of arbitrary data. (CVE-2014-1569)
  - An unspecified flaw exists related to the Java Server Faces subcomponent. A remote attacker can exploit this to affect the integrity of the system. (CVE-2015-2623)
  - An unspecified flaw exists related to the Java Server Faces and Web Container subcomponents. A remote attacker can exploit this to affect the integrity of the system. (CVE-2015-4744)
last seen 2019-01-16
modified 2018-07-12
plugin id 84810
published 2015-07-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=84810
title Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU)
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
sectrack 1032953
Last major update 27-12-2016 - 21:59
Published 16-07-2015 - 06:59