
Oracle GlassFish Server 2.1.1.x < 2.1.1.30 / 3.0.1.x < 3.0.1.15 / 3.1.2.x < 3.1.2.16 Multiple Vulnerabilities (January 2017 CPU)

High

Synopsis

The remote web server is affected by multiple attack vectors.

Description

Oracle GlassFish versions 2.1.1.x prior to 2.1.1.30, 3.0.1.x prior to 3.0.1.15, and 3.1.2.x prior to 3.1.2.16 are affected by the following vulnerabilities:

- An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5528)
- An unspecified flaw exists related to the Administration subcomponent. This may allow a local attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2017-3239)
- An unspecified flaw exists related to the Core subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3247)
- An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to have an impact on confidentiality, integrity, and availability. No further details have been provided by the vendor. (CVE-2017-3249)
- An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to have an impact on confidentiality, integrity, and availability. No further details have been provided by the vendor. (CVE-2017-3250)

Solution

Upgrade to GlassFish Server 3.1.2.16 or later. If 3.1.2.x cannot be obtained, versions 3.0.1.15 and 2.1.1.30 have also been patched for these vulnerabilities.
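
To triage an inventory against the version ranges above, the following added example (not part of the original advisory or of any vendor tooling) classifies GlassFish version strings per branch and reports the fixed release for that branch. The function name `triage`, the host names and the sample banner strings are constructed for illustration, and treating a three-part version such as `3.1.2` as patch level 0 is an assumption.

```python
import re

# Fixed patch level per affected branch, taken from the advisory text above.
FIXED = {
    (2, 1, 1): 30,
    (3, 0, 1): 15,
    (3, 1, 2): 16,
}

# First dotted version in the string; the fourth component is optional.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?")


def triage(version_text):
    """Return (status, fixed_version) for a GlassFish version or banner string.

    status is one of: affected, patched, not_covered, unparsed.
    """
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unparsed", None)
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    # Assumption: a missing fourth component means the unpatched base release.
    patch = int(m.group(4) or 0)
    if branch not in FIXED:
        # The advisory makes no statement about other branches.
        return ("not_covered", None)
    fixed = "%d.%d.%d.%d" % (branch + (FIXED[branch],))
    # Compare only within the same branch: 3.0.1.20 is patched even though
    # 20 is lower than the 2.1.1.x fix level of 30.
    status = "affected" if patch < FIXED[branch] else "patched"
    return (status, fixed)


# Constructed sample inventory: host label -> reported version or banner.
SAMPLE_INVENTORY = {
    "app01": "Oracle GlassFish Server 3.1.2.2",
    "app02": "3.0.1.20",
    "app03": "2.1.1.29",
    "app04": "4.1.2",
    "app05": "version unknown",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        status, fixed = triage(banner)
        target = " (fixed in %s)" % fixed if status == "affected" else ""
        print("%s: %s%s" % (host, status, target))
```

Hosts reported as `not_covered` or `unparsed` need manual review, since the advisory says nothing about branches outside the three listed.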