Vulnerability in Oracle GlassFish Server of Oracle Fusion Middleware
CVE-2018-3152

7.5HIGH

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 17 October 2018

Summary

A vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware, particularly affecting version 3.1.2. This flaw allows an unauthenticated attacker to exploit the server through HTTP requests, potentially leading to a denial of service. Successful exploitation may result in the server hanging or crashing repeatedly, disrupting the service and affecting availability. Attackers can leverage this vulnerability easily, posing significant risks to systems relying on the Oracle GlassFish Server.

Affected Version(s)

GlassFish Server 3.1.2

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105618

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017