VYPR

GlassFish Server Open Source Edition

by Oracle Corporation

CVEs (4)

  • CVE-2018-14324 | Critical | Jul 16, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX…

  • CVE-2017-1000030 | Critical | Jul 17, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to a Java Key Store password disclosure vulnerability that makes it possible to provide an unauthenticated attacker with the plain text password of the administrative user and grant access to the web-based…

  • CVE-2017-1000028 | High | Jul 17, 2017
    risk 0.60 | cvss 7.5 | epss 0.99

    Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request.

  • CVE-2017-1000029 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.08

    Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to a Local File Inclusion vulnerability that makes it possible to include arbitrary files on the server. This vulnerability can be exploited without any prior authentication.