Vulnerabilities > CVE-2016-3607 - Unspecified vulnerability in Oracle Glassfish Server 3.0.1/3.1.2

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
oracle
critical
nessus

Summary

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

  • NASL family: Web Servers
    NASL id: GLASSFISH_CVE-2015-3237.NASL
    description: According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 92462
    published: 2016-07-20
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92462
    title: Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration. This branch runs only when `description` is set,
    # declares the plugin's identity, references and risk data, and then exits
    # without evaluating any host (see the exit(0) at the end of the block).
    if (description)
    {
      script_id(92462);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/19");
    
      # Two CVEs are tracked by this one check, but only a single Bugtraq ID is
      # registered. NOTE(review): which CVE BID 75387 belongs to is not shown
      # here - confirm before relying on it for cross-referencing.
      script_cve_id("CVE-2015-3237", "CVE-2016-3607");
      script_bugtraq_id(75387);
    
      script_name(english:"Oracle GlassFish Server 3.1.2.x < 3.1.2.15 Multiple Vulnerabilities (July 2016 CPU)");
      script_summary(english:"Checks the version of Oracle GlassFish.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      # The description states that the finding rests on the self-reported
      # version number; the flaws themselves are not exercised by this plugin.
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Oracle GlassFish
    Server running on the remote host is 3.1.2.x prior to 3.1.2.15. It is,
    therefore, affected by multiple vulnerabilities :
    
      - An information disclosure vulnerability exists in the
        bundled version of libcurl in the smb_request_state()
        function due to using values that are assumed valid
        without properly checking boundaries. An
        unauthenticated, remote attacker can exploit this, via a
        malicious SMB server, to disclose arbitrary memory
        contents. (CVE-2015-3237)
    
      - An unspecified flaw exists in the Web Container
        subcomponent that allows an unauthenticated, remote
        attacker to execute arbitrary code. (CVE-2016-3607)");
      # Vendor advisory URL; presumably the target of the shortened see_also
      # link registered on the next statement.
      # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle GlassFish Server version 3.1.2.15 or later as
    referenced in the July 2016 Oracle Critical Patch Update advisory.");
      # Base vectors (CVSS v2 and v3.0) describe a network-reachable,
      # low-complexity, unauthenticated issue with full C/I/A impact. The
      # cvss_score_source attribute below names CVE-2016-3607 as the CVE the
      # score is taken from, so the rating reflects the Web Container flaw.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3607");
    
      # Consistent with the E:U (unproven) temporal metric above. These are
      # point-in-time values fixed in the plugin text, not a live assessment.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # The vulnerability date is more than a year before the patch date.
      # NOTE(review): presumably it tracks the older libcurl issue
      # (CVE-2015-3237) rather than the July 2016 Web Container flaw - confirm.
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Depends on the GlassFish detection plugin and requires the
      # "www/glassfish" KB key; presumably that key is written by
      # glassfish_detect.nasl, so hosts it does not identify are never
      # evaluated by this check.
      script_dependencies("glassfish_detect.nasl");
      script_require_keys("www/glassfish");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("audit.inc");
    include("glassfish.inc");
    
    #
    # Main
    #
    
    # Version-only check. The statements below issue no probe of their own: the
    # verdict is derived from KB entries (presumably recorded by the declared
    # dependency glassfish_detect.nasl), so it is only as reliable as the
    # version the server reported. A host patched without a version change can
    # be flagged, and a host with a hidden or altered version can be missed.
    # NOTE(review): get_glassfish_port() comes from glassfish.inc and is not
    # shown here - confirm it performs no network activity.
    get_kb_item_or_exit('www/glassfish');
    
    port = get_glassfish_port(default:8080);
    
    # All per-port GlassFish KB entries share this prefix. Each lookup exits
    # the plugin if its key is missing.
    kb_prefix = "www/" + port + "/glassfish/";
    ver      = get_kb_item_or_exit(kb_prefix + "version");
    banner   = get_kb_item_or_exit(kb_prefix + "source");
    pristine = get_kb_item_or_exit(kb_prefix + "version/pristine");
    
    # Only the 3.1.2 branch has a fixed release known to this plugin; any other
    # branch keeps fix unset and is audited as not vulnerable below. That audit
    # result means "not covered by this check", not "known to be patched".
    fix = NULL;
    if (ver =~ "^3\.1\.2(\.|$)") fix = "3.1.2.15";
    
    if (isnull(fix) || !(ver_compare(ver:ver, fix:fix, strict:FALSE) < 0))
    {
      audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);
    }
    else
    {
      # Report where the version came from alongside the installed and fixed
      # versions, so the finding can be verified against the host by hand.
      report =
        '\n  Version source    : ' + banner +
        '\n  Installed version : ' + pristine +
        '\n  Fixed version     : ' + fix +
        '\n';
    
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
    }
    
  • NASL family: Web Servers
    NASL id: GLASSFISH_CVE-2016-3608.NASL
    description: According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.14. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607) - Multiple unspecified flaws exist in the Administration subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3608, CVE-2016-5477)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 92463
    published: 2016-07-20
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92463
    title: Oracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU)