CVE-2018-3152

Опубликовано: 17 окт. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105618
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105618
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01519

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jrxq-3hv4-q4v2

CVSS3: 7.5

github

больше 3 лет назад

BDU:2019-00344

CVSS3: 7.5

fstec

больше 7 лет назад

Уязвимость компонента Administration сервера приложений Oracle GlassFish Server, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 81%

0.01519

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo