Vulnerability Details CVE-2017-1000028
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.939
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://www.exploit-db.com/exploits/45196/
- https://www.exploit-db.com/exploits/45198/
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
- https://www.exploit-db.com/exploits/45196/
- https://www.exploit-db.com/exploits/45198/
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
Products affected by CVE-2017-1000028
-
cpe:2.3:a:oracle:glassfish_server:4.1