Description

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

Remediation

References

CVE-2017-1000030

Related Vulnerabilities

RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2017-0903)

WordPress Plugin UserPro-Community and User Profile Multiple Cross-Site Request Forgery Vulnerabilities (5.1.0)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0606)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-2417)

WordPress Plugin File Gallery Remote Code Execution (1.7.9)

Severity

Critical

Classification

CVE-2017-1000030 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities