ID CVE-2016-5477
Summary Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.
References
Vulnerable Configurations
  • Oracle GlassFish Enterprise Server 2.1.1
    cpe:2.3:a:oracle:glassfish_server:2.1.1
  • Oracle GlassFish Server 3.0.1
    cpe:2.3:a:oracle:glassfish_server:3.0.1
CVSS
Base: 5.0 (as of 12-08-2016 - 09:47)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
nessus via4
  • NASL family Web Servers
    NASL id GLASSFISH_CVE-2016-3608.NASL
    description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.14. It is, therefore, affected by multiple vulnerabilities:
      - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237)
      - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607)
      - Multiple unspecified flaws exist in the Administration subcomponent that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3608, CVE-2016-5477)
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 92463
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92463
    title Oracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU)
  • NASL family Web Servers
    NASL id GLASSFISH_CVE-2016-5477.NASL
    description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.28. It is, therefore, affected by an unspecified flaw in the Administration subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 92464
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92464
    title Oracle GlassFish Server 2.1.1.x < 2.1.1.28 Information Disclosure (July 2016 CPU)
refmap via4
bid
  • 91787
  • 92032
confirm http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
sectrack 1036371
Last major update 28-11-2016 - 15:26
Published 21-07-2016 - 06:15
Last modified 31-08-2017 - 21:29