Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-1000029

Severity: 7.5 HIGH
EPSS: 69.0% (top 1.37%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jul 17
Latest update: May 17

Description

Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion, which makes it possible to include arbitrary files on the server. The vulnerability can be exploited without any prior authentication.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-5p9x-gqr6-hr64: Oracle, GlassFish Server Open Source Edition 3 (2022-05-17)
CVEList
CVE-2017-1000029: Oracle, GlassFish Server Open Source Edition 3 (2017-07-13)

💥 Exploits & PoCs (1)
Nuclei
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
CVE-2017-1000029 (HIGH CVSS 7.5) | cvebase.io