CVE-2017-1000029

HIGH NUCLEI

Oracle Glassfish Server - Information Disclosure

Title source: rule

Description

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.

Nuclei Templates (1)

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

HIGHby 0x_Akoko

Shodan: cpe:"cpe:2.3:a:oracle:glassfish_server"

References (1)

[Mailing List, Third Party Advisory] https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037

Scores

CVSS v3 7.5

EPSS 0.6899

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

oracle/glassfish_server 3.0.1

Published Jul 17, 2017

Tracked Since Feb 18, 2026