CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-1000030

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile23.55th
Published2017年7月17日
Last Modified2026年5月13日

Vulnerability Description

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

Affected Platforms (CPE)

📦
Oracle

Glassfish Server

= 3.0.1

References & Advisories

🔗 https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037
🔗 https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037

関連する脆弱性情報

CVE-2012-171210.0

Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 h...

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2016-36079.8

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attac...

CVE-2016-55289.0

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions th...