GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000029)

Description

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.

Remediation

References

CVE-2017-1000029

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2003-0718)

WordPress Plugin classyfrieds Arbitrary File Upload (3.8)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4789)

Drupal Core 7.x Remote Code Execution (7.0 - 7.58)

MySQL CVE-2015-2566 Vulnerability (CVE-2015-2566)

Severity

High

Classification

CVE-2017-1000029 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N