Vulnerability in Oracle GlassFish Server Component of Oracle Fusion Middleware
CVE-2016-5528

9CRITICAL

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 27 January 2017

Summary

A security vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware, affecting versions 2.1.1, 3.0.1, and 3.1.2. This vulnerability allows an unauthenticated attacker with network access to exploit the server via multiple protocols. While the vulnerability is specific to the Oracle GlassFish Server, successful exploitation could potentially impact additional Oracle products. Attackers can gain control over the GlassFish Server, bringing about significant security risks for organizations relying on affected versions.

Affected Version(s)

GlassFish Server 2.1.1

GlassFish Server 3.0.1

GlassFish Server 3.1.2

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95478

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Jun 16, 2016