Vulnerabilities > CVE-2016-3607 - Unspecified vulnerability in Oracle Glassfish Server 3.0.1/3.1.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Web Servers NASL id GLASSFISH_CVE-2015-3237.NASL description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607) last seen 2020-06-01 modified 2020-06-02 plugin id 92462 published 2016-07-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92462 title Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(92462); script_version("1.9"); script_cvs_date("Date: 2019/11/19"); script_cve_id("CVE-2015-3237", "CVE-2016-3607"); script_bugtraq_id(75387); script_name(english:"Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU)"); script_summary(english:"Checks the version of Oracle GlassFish."); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607)"); # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle GlassFish Server version 3.1.2.15 or later as referenced in the July 2016 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3607"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/17"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("glassfish_detect.nasl"); script_require_keys("www/glassfish"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("audit.inc"); include("glassfish.inc"); # # Main # # Check for GlassFish get_kb_item_or_exit('www/glassfish'); port = get_glassfish_port(default:8080); # Get the version number out of the KB. ver = get_kb_item_or_exit("www/" + port + "/glassfish/version"); banner = get_kb_item_or_exit("www/" + port + "/glassfish/source"); pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine"); # Set appropriate fixed versions. if (ver =~ "^3\.1\.2(\.|$)") fix = "3.1.2.15"; else fix = NULL; if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0) { report = '\n Version source : ' + banner + '\n Installed version : ' + pristine + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, extra:report, severity:SECURITY_HOLE); } else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);
NASL family Web Servers NASL id GLASSFISH_CVE-2016-3608.NASL description According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.14. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607) - Multiple unspecified flaws exist in the Administration subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3608, CVE-2016-5477) last seen 2020-06-01 modified 2020-06-02 plugin id 92463 published 2016-07-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92463 title Oracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU)
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1036371
- http://www.securitytracker.com/id/1036371