ID CVE-2016-3607
Summary Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.
References
Vulnerable Configurations
  • Oracle GlassFish Server 3.0.1
    cpe:2.3:a:oracle:glassfish_server:3.0.1
  • Oracle GlassFish Server 3.1.2
    cpe:2.3:a:oracle:glassfish_server:3.1.2
CVSS
Base: 10.0 (as of 12-08-2016 - 10:33)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family Web Servers
    NASL id GLASSFISH_CVE-2016-3608.NASL
    description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.14. It is, therefore, affected by multiple vulnerabilities:
      - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237)
      - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607)
      - Multiple unspecified flaws exist in the Administration subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3608, CVE-2016-5477)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 92463
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92463
    title Oracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU)
  • NASL family Web Servers
    NASL id GLASSFISH_CVE-2015-3237.NASL
    description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by multiple vulnerabilities:
      - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237)
      - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 92462
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92462
    title Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU)
refmap via4
bid 91787
confirm
sectrack 1036371
Last major update 24-04-2017 - 21:59
Published 21-07-2016 - 06:14
Last modified 31-08-2017 - 21:29