CVE-2017-1000028

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

Ссылки

https://www.exploit-db.com/exploits/45196/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45198/
Exploit
Third Party Advisory
VDB Entry
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/45196/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45198/
Exploit
Third Party Advisory
VDB Entry
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:glassfish_server:4.1:*:*:*:open_source:*:*:*

EPSS

Процентиль: 100%

0.94123

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-1000028

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2017-1000028

CVSS3: 7.5

debian

больше 8 лет назад

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...

GHSA-w76g-qg26-9xhh

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 100%

0.94123

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22