CVE-2016-5528

4 documents4 sources
Severity
9.0CRITICAL
EPSS
0.9%
top 24.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Glassfish Server
Timeline
PublishedJan 27
Latest updateMay 17

Description

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of O

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

CVEListV5oracle/glassfish_server2.1.1, 3.0.1, 3.1.2+2
NVDoracle/glassfish_server2.1.1, 3.0.1, 3.1.2+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-2v59-gf35-6hpx: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security)2022-05-17
CVEList
CVE-2016-5528: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security)2017-01-27

💥Exploits & PoCs

1
Exploit-DB
Cisco Unified Communications Manager 7/8/9 - Directory Traversal2016-12-07
CVE-2016-5528 (CRITICAL CVSS 9) | Vulnerability in the Oracle GlassFi | cvebase.io