Oracle GlassFish Server 3.0.1 / 3.1.2 Unspecified Vulnerability (January 2015 CPU)

high Nessus Network Monitor Plugin ID 9001


The remote web server is affected by an unspecified vulnerability.


Oracle GlassFish versions 3.0.1 and 3.1.2 are affected by an unspecified vulnerability. With trivial effort, a remote unauthenticated attacker can exploit this vulnerability to result in an unauthorized update, insertion, or deletion of data on the GlassFish server. Successful attempts to exploit may result in data loss or denial of service conditions.


Upgrade to GlassFish Server / or later.

See Also

Plugin Details

Severity: High

ID: 9001

Family: Web Servers

Published: 10/26/2015

Updated: 3/6/2019

Nessus ID: 80949

Risk Information


Risk Factor: Medium

Score: 5.5


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P


Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:glassfish_server

Patch Publication Date: 1/20/2015

Vulnerability Publication Date: 1/20/2015

Reference Information

CVE: CVE-2015-0396

BID: 72121