VYPR

Glassfish Server

by Oracle Corporation

CVEs (51)

  • CVE-2015-7182CriNov 5, 2015
    risk 0.65cvss 9.8epss 0.10

    Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service…

  • CVE-2017-1000030CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.02

    Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based…

  • CVE-2016-3607CriJul 21, 2016
    risk 0.64cvss 9.8epss 0.07

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.

  • CVE-2017-1000028HigJul 17, 2017
    risk 0.60cvss 7.5epss 0.99

    Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

  • CVE-2016-5528CriJan 27, 2017
    risk 0.59cvss 9.0epss 0.02

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple…

  • CVE-2016-1950HigMar 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an…

  • CVE-2016-5519HigOct 25, 2016
    risk 0.57cvss 8.8epss 0.02

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces.

  • CVE-2017-1000029HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.08

    Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.

  • CVE-2017-10391HigOct 19, 2017
    risk 0.48cvss 7.3epss 0.02

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2017-3250HigJan 27, 2017
    risk 0.48cvss 7.3epss 0.01

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2017-3249HigJan 27, 2017
    risk 0.48cvss 7.3epss 0.01

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to…

  • CVE-2017-10393MedOct 19, 2017
    risk 0.41cvss 6.3epss 0.01

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2017-10385MedOct 19, 2017
    risk 0.41cvss 6.3epss 0.01

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2016-5477MedJul 21, 2016
    risk 0.38cvss 5.8epss 0.02

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

  • CVE-2016-3608MedJul 21, 2016
    risk 0.38cvss 5.8epss 0.02

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

  • CVE-2017-10400MedOct 19, 2017
    risk 0.35cvss 5.4epss 0.01

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2017-3247MedJan 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise…

  • CVE-2017-3239LowJan 27, 2017
    risk 0.21cvss 3.3epss 0.00

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2017-3626LowApr 24, 2017
    risk 0.20cvss 3.1epss 0.02

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to…

  • CVE-2011-5035Dec 30, 2011
    risk 0.09cvss epss 0.69

    Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which…

Page 1 of 3