Oracle Glassfish Server vulnerabilities

40 known vulnerabilities affecting oracle/glassfish_server.

Total CVEs: 40
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 10, MEDIUM 20, LOW 4

Vulnerabilities

Page 2 of 2
CVE-2016-5477 | MEDIUM | CVSS 5.8 | v2.1.1, v3.0.1 | 2016-07-21
CVE-2016-5477 [MEDIUM]: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.
nvd
CVE-2016-3608 | MEDIUM | CVSS 5.8 | v3.0.1 | 2016-07-21
CVE-2016-3608 [MEDIUM]: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.
nvd
CVE-2016-1950 | HIGH | CVSS 8.8 | v2.1.1 | 2016-03-13
CVE-2016-1950 [HIGH] CWE-119: Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
nvd
CVE-2015-7182 | CRITICAL | CVSS 9.8 | v2.1.1 | 2015-11-05
CVE-2015-7182 [CRITICAL] CWE-119: Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING d
nvd
CVE-2015-3237 | MEDIUM | CVSS 6.4 | v3.0.1, v3.1.2 | 2015-06-22
CVE-2015-3237 [MEDIUM] CWE-20: The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
nvd
CVE-2013-1508 | MEDIUM | CVSS 4.3 | v3.0.1, v3.1.2 | 2013-04-17
CVE-2013-1508 [MEDIUM]: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface.
nvd
CVE-2013-1620 | MEDIUM | CVSS 4.3 | v2.1.1 | 2013-02-08
CVE-2013-1620 [MEDIUM]: The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets,
nvd
CVE-2012-3155 | MEDIUM | CVSS 5.0 | v2.1.1, v3.0.1, +1 more | 2012-10-16
CVE-2012-3155 [MEDIUM]: Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.
nvd
CVE-2012-0550 | MEDIUM | CVSS 6.8 | PoC | v3.1.1 | 2012-05-03
CVE-2012-0550 [MEDIUM]: Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
nvd
CVE-2012-0551 | MEDIUM | CVSS 5.8 | PoC | v3.1.1 | 2012-05-03
CVE-2012-0551 [MEDIUM]: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deplo
nvd
CVE-2012-0104 | MEDIUM | CVSS 5.0 | v3.0.1, v3.1.1 | 2012-01-18
CVE-2012-0104 [MEDIUM]: Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.
nvd
CVE-2012-0081 | LOW | CVSS 3.7 | v3.1.1 | 2012-01-18
CVE-2012-0081 [LOW]: Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
nvd
CVE-2011-5035 | MEDIUM | CVSS 5.0 | PoC | ≤ 3.1.1, v2.1.1, +1 more | 2011-12-30
CVE-2011-5035 [MEDIUM] CWE-20: Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by send
nvd
CVE-2011-3559 | HIGH | CVSS 7.8 | v2.1.1, v3.0.1, +1 more | 2011-10-18
CVE-2011-3559 [HIGH]: Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container.
nvd
CVE-2011-0807 | CRITICAL | CVSS 10.0 | PoC | v2.1, v2.1.1, +1 more | 2011-04-20
CVE-2011-0807 [CRITICAL]: Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
nvd
CVE-2010-4438 | MEDIUM | CVSS 5.7 | v2.1, v2.1.1, +1 more | 2011-01-19
CVE-2010-4438 [MEDIUM]: Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).
nvd
CVE-2010-2397 | LOW | CVSS 2.4 | v2.1.1 | 2010-07-13
CVE-2010-2397 [LOW]: Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI.
nvd
CVE-2009-1553 | MEDIUM | CVSS 4.3 | PoC | v2.1 | 2009-05-06
CVE-2009-1553 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/regist
nvd
CVE-2008-5266 | MEDIUM | CVSS 4.3 | PoC | v2.0 | 2008-11-28
CVE-2008-5266 [MEDIUM]: Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
nvd
CVE-2008-2751 | MEDIUM | CVSS 4.3 | PoC | v1.0, v2.0, +4 more | 2008-06-18
CVE-2008-2751 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertS
nvd