CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-5528

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile3.18th
Published2017年1月27日
Last Modified2026年5月13日

Vulnerability Description

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

Affected Platforms (CPE)

📦
Oracle

Glassfish Server

= 2.1.1
📦
Oracle

Glassfish Server

= 3.0.1
📦
Oracle

Glassfish Server

= 3.1.2

References & Advisories

🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
🔗 http://www.securityfocus.com/bid/95478
🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
🔗 http://www.securityfocus.com/bid/95478

関連する脆弱性情報

CVE-2012-171210.0

Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 h...

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2016-36079.8

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attac...

CVE-2017-10000309.8

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, t...