CVE-2017-3239

CWE-200Information ExposureCWE-416Use After Free24 documents5 sources
Severity
3.3LOW
EPSS
0.0%
top 89.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Glassfish Server
Timeline
PublishedJan 27
Latest updateMay 17

Description

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base S

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5oracle/glassfish_server3.0.1, 3.1.2+1
NVDoracle/glassfish_server3.0.1, 3.1.2+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-w7r7-9r25-wvh9: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration)2022-05-17
GHSA
Nokogiri gem, via libxml, is affected by DoS vulnerabilities2022-05-14
CVEList
CVE-2017-3239: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration)2017-01-27

📋Vendor Advisories

20
Red Hat
chromium-browser: uxss in v82017-12-14
Red Hat
chromium-browser: cross origin information disclosure in skia2017-12-06
Red Hat
chromium-browser: insufficient blocking of javascript in omnibox2017-12-06
Red Hat
chromium-browser: use after free in pdfium2017-12-06
Red Hat
chromium-browser: out of bounds write in skia2017-12-06
CVE-2017-3239 (LOW CVSS 3.3) | Vulnerability in the Oracle GlassFi | cvebase.io