FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

payara -- Multiple vulnerabilities

Affected packages
payara = 4.1.2.173

Details

VuXML ID d70c9e18-f340-11e8-be46-0019dbb15b3f
Discovery 2016-06-16
Entry 2018-11-28

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution.

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

References

CVE Name CVE-2016-1000031
CVE Name CVE-2016-5528
CVE Name CVE-2017-3239
CVE Name CVE-2017-3247
CVE Name CVE-2017-3249
CVE Name CVE-2017-3250
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5528
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3239
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3247
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3249
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3250