CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5528

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile3.18th
PublishedJan 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

Affected Platforms (CPE)

πŸ“¦
Oracle

Glassfish Server

= 2.1.1
πŸ“¦
Oracle

Glassfish Server

= 3.0.1
πŸ“¦
Oracle

Glassfish Server

= 3.1.2

References & Advisories

πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
πŸ”— http://www.securityfocus.com/bid/95478
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
πŸ”— http://www.securityfocus.com/bid/95478

Related Vulnerabilities

CVE-2012-171210.0

Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 h...

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2016-36079.8

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attac...

CVE-2017-10000309.8

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, t...