CVE-2017-1000028

7.5HIGH

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 17 July 2017

Badges

👾 Exploit Exists🟣 EPSS 97%

Summary

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

References

https://www.exploit-db.com/exploits/45198/

exploitx_refsource_EXPLOIT-DB

https://www.exploit-db.com/exploits/45196/

exploitx_refsource_EXPLOIT-DB

https://www.trustwave.com/Resources/Security-Advisories/A...

x_refsource_MISC

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Dec 7, 2023
👾
Exploit known to exist
Dec 7, 2023
Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017