cnvd - cnvd-2017-27304

cnvd-2017-27304

Vulnerability from cnvd

Title: Oracle GlassFish Server Open Source Edition授权问题漏洞

Description:

Oracle GlassFish Server Open Source Edition是美国甲骨文（Oracle）公司的一套开源版本的用于构建Java EE（服务器端Java应用程序）的服务器。

Oracle GlassFish Server Open Source Edition 3.0.1 (build 22)版本中存在安全漏洞。攻击者可利用该漏洞获取管理员用户的明文密码及基于Web的管理界面的访问权限。

Severity: 中

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.oracle.com/

Reference: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037

Impacted products

Name
Oracle GlassFish Server Open Source Edition 3.0.1 (build 22)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1000030"
    }
  },
  "description": "Oracle GlassFish Server Open Source Edition\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7248\u672c\u7684\u7528\u4e8e\u6784\u5efaJava EE\uff08\u670d\u52a1\u5668\u7aefJava\u5e94\u7528\u7a0b\u5e8f\uff09\u7684\u670d\u52a1\u5668\u3002\r\n\r\nOracle GlassFish Server Open Source Edition 3.0.1 (build 22)\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5458\u7528\u6237\u7684\u660e\u6587\u5bc6\u7801\u53ca\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Piotr Karolak of Trustwave\u0027s SpiderLabs",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-27304",
  "openTime": "2017-09-19",
  "products": {
    "product": "Oracle GlassFish Server Open Source Edition 3.0.1 (build 22)"
  },
  "referenceLink": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-01",
  "title": "Oracle GlassFish Server Open Source Edition\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2017-1000030 (GCVE-0-2017-1000030)

Vulnerability from cvelistv5

Published

2017-07-13 20:00

Modified

2024-08-05 21:53

Severity ?

CWE

Summary

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

References

▼	URL	Tags
	https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-05-06T00:00:00",
      "datePublic": "2017-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-13T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-05-06T20:43:28.279652",
          "ID": "CVE-2017-1000030",
          "REQUESTER": "pkarolak@trustwave.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000030",
    "datePublished": "2017-07-13T20:00:00",
    "dateReserved": "2017-07-10T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted