CVE-2017-1000029
HIGH NUCLEIGlassFish Server Open Source Edition 3.0.1 - Unauthenticated Local File Inclusion
Title source: llmExploitation Summary
CVE-2017-1000029 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
Nuclei Templates (1)
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
HIGHby 0x_Akoko
Shodan:
cpe:"cpe:2.3:a:oracle:glassfish_server"
References (1)
Core 1
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037
Scores
CVSS v3
7.5
EPSS
0.0835
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
oracle/glassfish_server
3.0.1
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026