Vulnerabilities > CVE-2016-3608 - Unspecified vulnerability in Oracle Glassfish Server 3.0.1

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
oracle
nessus

Summary

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Nessus

NASL familyWeb Servers
NASL idGLASSFISH_CVE-2016-3608.NASL
descriptionAccording to its self-reported version number, the Oracle GlassFish Server running on the remote host is 3.0.1.x prior to 3.0.1.14. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of libcurl in the smb_request_state() function due to using values that are assumed valid without properly checking boundaries. An unauthenticated, remote attacker can exploit this, via a malicious SMB server, to disclose arbitrary memory contents. (CVE-2015-3237) - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3607) - Multiple unspecified flaws exist in the Administration subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3608, CVE-2016-5477)
last seen2020-06-01
modified2020-06-02
plugin id92463
published2016-07-20
reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/92463
titleOracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU)