CVE-2017-3626

Metadata

low
2.6
glassfish
CVE-2017-3626
cve.mitre.org, oracle.com
2017-04-24
2017-10-23 14:23
CVE-2017-3626 glassfish
2017-07-20 21:33
2017-06-16 19:22
2017-05-10 23:51
2017-04-27 20:03

Description

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

| Release | Package | Patched in |
|---|---|---|
| artful | glassfish | None |
| devel | glassfish | None |
| trusty | glassfish | None |
| xenial | glassfish | None |
| zesty | glassfish | None |

Unaffected

| Release | Package | Reason |
|---|---|---|
| precise | glassfish | ignored |
| precise/esm | glassfish | DNE |
| vivid/stable-phone-overlay | glassfish | DNE |
| vivid/ubuntu-core | glassfish | DNE |
| yakkety | glassfish | ignored |

Needs Triage

| Release | Package | Reason |
|---|---|---|
| upstream | glassfish | needs-triage |