Oracle GlassFish Server 3.1.2.x < 184.108.40.206 (October 2018 CPU)
Medium Nessus Plugin ID 119559
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 220.127.116.11. It is, therefore, affected by multiple vulnerabilities:
- A vulnerability could allow an unauthenticated attacker with network access to compromise Oracle GlassFish Server. A successful attack would allow access to critical data, including creation, deletion or modification, on the remote server. This attack requires human interaction. (CVE-2018-2911)
- An unauthenticated attacker with network access can compromise Oracle GlassFish Server. An attacker who successfully exploited the vulnerability could cause a hang or a complete DoS of Oracle GlassFish Server. (CVE-2018-3152)
- An unauthenticated attacker with network access could compromise Oracle GlassFish Server. An attacker who successfully exploited the vulnerability could have read access to Oracle GlassFish Server information. (CVE-2018-3210)
Solution
Upgrade to Oracle GlassFish Server version 18.104.22.168 or later as referenced in the October 2018 Oracle Critical Patch Update advisory.