CVE-2018-2911 : Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middlewa

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GlassFish Server accessible data as well as unauthorized access to critical data or complete access to all Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).

Published 2018-10-17 01:31:15

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Vulnerability category: BypassDenial of service

Products affected by CVE-2018-2911

Oracle » Glassfish Server » Version: 3.1.2
cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-2911

Top countries where our scanners detected CVE-2018-2911

Top open port discovered on systems with this issue 80

IPs affected by CVE-2018-2911 180

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-2911!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-2911

EPSS FAQ

1.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-2911

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.3	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L	2.8	5.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: Low

References for CVE-2018-2911

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

CPU Oct 2018
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/105618

Oracle GlassFish Server Multiple Remote Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-2911

Products affected by CVE-2018-2911

Threat overview for CVE-2018-2911

Exploit prediction scoring system (EPSS) score for CVE-2018-2911

CVSS scores for CVE-2018-2911

References for CVE-2018-2911