Oracle GlassFish Server 3.0.1 / 3.1.2 Unspecified Vulnerability (January 2015 CPU)

High Nessus Network Monitor Plugin ID 9001


The remote web server is affected by an unspecified vulnerability.


Oracle GlassFish versions 3.0.1 and 3.1.2 are affected by an unspecified vulnerability. With trivial effort, a remote unauthenticated attacker can exploit this vulnerability to result in an unauthorized update, insertion, or deletion of data on the GlassFish server. Successful attempts to exploit may result in data loss or denial of service conditions.


Upgrade to GlassFish Server / or later.

See Also

Plugin Details

Severity: High

ID: 9001

Family: Web Servers

Published: 2015/10/26

Updated: 2019/03/06

Dependencies: 9007

Nessus ID: 80949

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:glassfish_server

Patch Publication Date: 2015/01/20

Vulnerability Publication Date: 2015/01/20

Reference Information

CVE: CVE-2015-0396

BID: 72121