Glassfish Server
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-0807 | 0.08 | — | 0.61 | Apr 20, 2011 | Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. | |||
| CVE-2012-0551 | 0.04 | — | 0.12 | May 3, 2012 | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect… | |||
| CVE-2012-0550 | 0.04 | — | 0.07 | May 3, 2012 | Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. | |||
| CVE-2011-1511 | 0.04 | — | 0.15 | Jul 20, 2011 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration. | |||
| CVE-2009-1553 | 0.04 | — | 0.08 | May 6, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3)… | |||
| CVE-2011-2260 | 0.03 | — | 0.03 | Jul 20, 2011 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration. | |||
| CVE-2008-5266 | 0.03 | — | 0.05 | Nov 28, 2008 | Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2008-2751 | 0.03 | — | 0.04 | Jun 18, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jn… | |||
| CVE-2015-3237 | 0.01 | — | 0.09 | Jun 22, 2015 | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | |||
| CVE-2021-3314 | 0.00 | — | 0.01 | Jun 25, 2021 | Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common… | |||
| CVE-2018-3152 | 0.00 | — | 0.02 | Oct 17, 2018 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle… | |||
| CVE-2018-3210 | 0.00 | — | 0.02 | Oct 17, 2018 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | |||
| CVE-2018-2911 | 0.00 | — | 0.02 | Oct 17, 2018 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | |||
| CVE-2016-0453 | 0.00 | — | 0.01 | Jan 21, 2016 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server. | |||
| CVE-2016-0441 | 0.00 | — | 0.02 | Jan 21, 2016 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server. | |||
| CVE-2015-4899 | 0.00 | — | 0.02 | Oct 21, 2015 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security. | |||
| CVE-2015-4744 | 0.00 | — | 0.02 | Jul 16, 2015 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via… | |||
| CVE-2015-2623 | 0.00 | — | 0.02 | Jul 16, 2015 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via… | |||
| CVE-2015-0396 | 0.00 | — | 0.02 | Jan 21, 2015 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console. | |||
| CVE-2013-5816 | 0.00 | — | 0.01 | Oct 16, 2013 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro. |
- CVE-2011-0807Apr 20, 2011risk 0.08cvss —epss 0.61
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
- CVE-2012-0551May 3, 2012risk 0.04cvss —epss 0.12
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect…
- CVE-2012-0550May 3, 2012risk 0.04cvss —epss 0.07
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
- CVE-2011-1511Jul 20, 2011risk 0.04cvss —epss 0.15
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.
- CVE-2009-1553May 6, 2009risk 0.04cvss —epss 0.08
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3)…
- CVE-2011-2260Jul 20, 2011risk 0.03cvss —epss 0.03
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.
- CVE-2008-5266Nov 28, 2008risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via…
- CVE-2008-2751Jun 18, 2008risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jn…
- CVE-2015-3237Jun 22, 2015risk 0.01cvss —epss 0.09
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
- CVE-2021-3314Jun 25, 2021risk 0.00cvss —epss 0.01
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common…
- CVE-2018-3152Oct 17, 2018risk 0.00cvss —epss 0.02
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle…
- CVE-2018-3210Oct 17, 2018risk 0.00cvss —epss 0.02
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- CVE-2018-2911Oct 17, 2018risk 0.00cvss —epss 0.02
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- CVE-2016-0453Jan 21, 2016risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server.
- CVE-2016-0441Jan 21, 2016risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.
- CVE-2015-4899Oct 21, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.
- CVE-2015-4744Jul 16, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via…
- CVE-2015-2623Jul 16, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via…
- CVE-2015-0396Jan 21, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console.
- CVE-2013-5816Oct 16, 2013risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro.
Page 2 of 3