Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-1000028

CWE-22: Path Traversal
8 documents, 6 sources

Severity: 7.5 (HIGH)
EPSS: 94.1% (top 0.09%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jul 17
Latest update: May 14

Description

Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal, which can be exploited by issuing a specially crafted HTTP GET request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

Vulnerability Details (3 entries)

GHSA: GHSA-w76g-qg26-9xhh: Oracle, GlassFish Server Open Source Edition 4 (2022-05-14)
CVEList: CVE-2017-1000028: Oracle, GlassFish Server Open Source Edition 4 (2017-07-13)
VulnCheck: Oracle glassfish_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (2017)

Exploits & PoCs (4 entries)

Exploit-DB: Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit) (2018-08-14)
Exploit-DB: Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit) (2018-08-14)
Exploit-DB: Oracle GlassFish Server 4.1 - Directory Traversal (2015-08-27)
Nuclei: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
CVE-2017-1000028 (HIGH CVSS 7.5) | cvebase.io