CVE-2015-4744 - Remote Security vulnerability in Oracle GlassFish Server and WebLogic Server
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Nessus
NASL family | Web Servers |
NASL id | GLASSFISH_CPU_JUL_2015.NASL |
description | The version of Oracle GlassFish Server running on the remote host is affected by multiple vulnerabilities : - A security bypass vulnerability exists in the bundled Network Security Services (NSS) library because the definite_length_decoder() function, in file quickder.c, does not properly form the DER encoding of an ASN.1 length. A remote attacker, by using a long byte sequence for an encoding, can exploit this issue to conduct undetected smuggling of arbitrary data. (CVE-2014-1569) - An unspecified flaw exists related to the Java Server Faces subcomponent. A remote attacker can exploit this to affect the integrity of the system. (CVE-2015-2623) - An unspecified flaw exists related to the Java Server Faces and Web Container subcomponents. A remote attacker can exploit this to affect the integrity of the system. (CVE-2015-4744) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 84810 |
published | 2015-07-16 |
reporter | This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/84810 |
title | Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU) |