Oracle GlassFish Server 3.0.1 / 3.1.2 Unspecified Vulnerability (January 2015 CPU)

High Nessus Network Monitor Plugin ID 9001

Synopsis

The remote web server is affected by an unspecified vulnerability.

Description

Oracle GlassFish versions 3.0.1 and 3.1.2 are affected by an unspecified vulnerability. With trivial effort, a remote unauthenticated attacker can exploit this vulnerability to perform unauthorized updates, insertions, or deletions of data on the GlassFish server. Successful exploitation may result in data loss or denial of service conditions.

Solution

Upgrade to GlassFish Server 3.0.1.10 / 3.1.2.10 or later.

See Also

http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html

Plugin Details

Severity: High

ID: 9001

Family: Web Servers

Published: 2015/10/26

Modified: 2015/10/26

Dependencies: 9007

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:glassfish_server

Patch Publication Date: 2015/01/20

Vulnerability Publication Date: 2015/01/20

Reference Information

CVE: CVE-2015-0396

BID: 72121