CVE-2013-3827

EXPLOITED NUCLEI

Oracle GlassFish Server <12.1.2 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Alex Kouzemtchenko · textremotemultiple

https://www.exploit-db.com/exploits/38802

View Code ZIP pw:eip

nomisec SCANNER 1 stars

by thistehneisen · infoleak

https://github.com/thistehneisen/CVE-2013-3827

View Code ZIP pw:eip

Nuclei Templates (1)

Javafaces LFI

MEDIUMby Random-Robbie

Shodan: http.title:"weblogic" || http.html:"weblogic application server"

FOFA: title="weblogic" || body="weblogic application server"

References (5)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0029.html

[US Government Resource] http://www.kb.cert.org/vuls/id/526012

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/63052

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029190

Scores

EPSS 0.9163

EPSS Percentile 99.7%

Details

VulnCheck KEV 2025-06-07

Status published

Products (9)

oracle/fusion_middleware 2.1.1

oracle/fusion_middleware 3.0.1

oracle/fusion_middleware 3.1.2

oracle/fusion_middleware 10.3.6

oracle/fusion_middleware 11.1.2.3.0

oracle/fusion_middleware 11.1.2.4.0

oracle/fusion_middleware 12.1.1

oracle/fusion_middleware 12.1.2.0.0

org.glassfish/javax.faces 2.0.0 - 2.1.19Maven

Published Oct 16, 2013

Tracked Since Feb 18, 2026