Description

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

Remediation

References

CVE-2017-1000030

Related Vulnerabilities

OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-6306)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)

WordPress Plugin Booster Elite for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)

Severity

Critical

Classification

CVE-2017-1000030 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities