Description

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

Remediation

References

CVE-2017-1000028

Related Vulnerabilities

WordPress 4.4.x Directory Traversal (4.4 - 4.4.32)

PostgreSQL Improper Authentication Vulnerability (CVE-2007-6601)

WordPress Plugin Widgets for SiteOrigin Unspecified Vulnerability (1.4.4)

WordPress 5.6.x PHP Object Injection (5.6 - 5.6.3)

WordPress Plugin WP Forum Server Multiple SQL Injection (1.6.5)

Severity

High

Classification

CVE-2017-1000028 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities