CVE-2016-5528

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
oracleCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
oracleglassfish_server
2.1.1
oracleglassfish_server
3.0.1
oracleglassfish_server
3.1.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glassfish
cosmic
dne
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
trusty
dne
precise
ignored
References
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
http://www.securityfocus.com/bid/95478
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
http://www.securityfocus.com/bid/95478