CVE-2017-10393

Name of the Vulnerable Software and Affected Versions Oracle GlassFish Server versions 3.0.1 and 3.1.2

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to some of Oracle GlassFish Server's accessible data, including update, insert, or delete access, as well as unauthorized read access. Additionally, attacks can cause a partial denial of service of Oracle GlassFish Server.

Recommendations For Oracle GlassFish Server version 3.0.1, update to a version that includes a fix for this issue. For Oracle GlassFish Server version 3.1.2, update to a version that includes a fix for this issue.