CVE-2013-3827

EXPLOITED NUCLEI

Oracle GlassFish Server <12.1.2 - Info Disclosure

Exploitation Summary

CVE-2013-3827 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Alex Kouzemtchenko and thistehneisen. A Nuclei detection template is also available.

AI-analyzed exploit summary

The provided text describes a directory traversal vulnerability in Oracle JavaServer Faces, affecting multiple products. It includes example URLs demonstrating the exploit path but lacks functional exploit code.

Description

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Alex Kouzemtchenko · text · remote · multiple
https://www.exploit-db.com/exploits/38802

Classification: Writeup (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Oracle JavaServer Faces (WebLogic Server 10.3.6.0, 12.1.1.0; GlassFish Server 2.1.1, 3.0.1, 3.1.2; JDeveloper 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0)
No auth needed
Prerequisites: Access to the target application's URL
Analyzed by devstral-2 on Feb 18, 2026

nomisec SCANNER · 1 star
by thistehneisen · infoleak
https://github.com/thistehneisen/CVE-2013-3827

This repository contains a Python script that checks for directory traversal vulnerabilities in Java web applications by attempting to access sensitive files via CVE-2013-3827. It sends HTTP requests to predefined paths and checks for XML content in responses.

Classification: Scanner (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Java web applications using JSF (JavaServer Faces)
No auth needed
Prerequisites: Target URL must be modified in the script · Python 3 with the requests library
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Javafaces LFI
MEDIUM · by Random-Robbie
Shodan: http.title:"weblogic" || http.html:"weblogic application server"
FOFA: title="weblogic" || body="weblogic application server"

References (5)

Core References

Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/63052
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0029.html
US Government Resource (third-party-advisory, x_refsource_cert-vn): http://www.kb.cert.org/vuls/id/526012
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1029190

Scores

EPSS 0.8682
EPSS Percentile 99.4%

Details

VulnCheck KEV 2025-06-07
Status published
Products (9)
oracle/fusion_middleware 2.1.1
oracle/fusion_middleware 3.0.1
oracle/fusion_middleware 3.1.2
oracle/fusion_middleware 10.3.6
oracle/fusion_middleware 11.1.2.3.0
oracle/fusion_middleware 11.1.2.4.0
oracle/fusion_middleware 12.1.1
oracle/fusion_middleware 12.1.2.0.0
org.glassfish/javax.faces 2.0.0 - 2.1.19 (Maven)
Published Oct 16, 2013
Tracked Since Feb 18, 2026