ID CVE-2016-3608
Summary Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.
References
Vulnerable Configurations
  • Oracle GlassFish Server 3.0.1
    cpe:2.3:a:oracle:glassfish_server:3.0.1
CVSS
Base: 5.0 (as of 12-08-2016 - 10:33)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Web Servers
NASL id GLASSFISH_CVE-2016-3608.NASL
description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.14. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607) - Multiple unspecified flaws exist in the Administration subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3608, CVE-2016-5477)
last seen 2019-02-21
modified 2018-07-12
plugin id 92463
published 2016-07-20
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=92463
title Oracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU)
refmap via4
bid
  • 91787
  • 92031
confirm http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
sectrack 1036371
Last major update 28-11-2016 - 15:11
Published 21-07-2016 - 06:14
Last modified 31-08-2017 - 21:29
Back to Top