ID |
CVE-2015-4744
|
Summary |
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces. |
References |
|
Vulnerable Configurations |
-
Oracle Fusion Middleware 2.1.1
cpe:2.3:a:oracle:fusion_middleware:2.1.1
-
Oracle Fusion Middleware 3.0.1
cpe:2.3:a:oracle:fusion_middleware:3.0.1
-
Oracle Fusion Middleware 3.1.2
cpe:2.3:a:oracle:fusion_middleware:3.1.2
-
Oracle Fusion Middleware 10.3.6
cpe:2.3:a:oracle:fusion_middleware:10.3.6
-
Oracle Fusion Middleware 12.1.1
cpe:2.3:a:oracle:fusion_middleware:12.1.1
-
Oracle Fusion Middleware 12.1.2.0.0
cpe:2.3:a:oracle:fusion_middleware:12.1.2.0.0
-
cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0
cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0
|
CVSS |
Base: | 2.6 (as of 28-12-2016 - 10:19) |
Impact: | |
Exploitability: | |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
nessus
via4
|
NASL family | Web Servers | NASL id | GLASSFISH_CPU_JUL_2015.NASL | description | The version of Oracle GlassFish Server running on the remote host is
affected by multiple vulnerabilities :
- A security bypass vulnerability exists in the bundled
Network Security Services (NSS) library because the
definite_length_decoder() function, in file quickder.c,
does not properly form the DER encoding of an ASN.1
length. A remote attacker, by using a long byte sequence
for an encoding, can exploit this issue to conduct
undetected smuggling of arbitrary data. (CVE-2014-1569)
- An unspecified flaw exists related to the Java Server
Faces subcomponent. A remote attacker can exploit this
to affect the integrity of the system. (CVE-2015-2623)
- An unspecified flaw exists related to the Java Server
Faces and Web Container subcomponents. A remote attacker
can exploit this to affect the integrity of the system.
(CVE-2015-4744) | last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 84810 | published | 2015-07-16 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=84810 | title | Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU) |
|
refmap
via4
|
|
Last major update |
28-12-2016 - 11:28 |
Published |
16-07-2015 - 07:00 |