PT-2018-2251 · Oracle · Oracle Glassfish Server

Publicado

2018-10-16

Atualizado

2019-10-03

CVE-2018-3152

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Oracle GlassFish Server version 3.1.2

Description The issue is related to insufficient access control in the Administration component of Oracle GlassFish Server, allowing a remote attacker to cause a denial of service using the HTTP protocol. Successful attacks can result in the ability to cause the server to hang or crash repeatedly, leading to a complete denial of service.

Recommendations For Oracle GlassFish Server version 3.1.2, update to a newer version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Administration component to minimize the risk of exploitation.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2019-00344

CVE-2018-3152

Produtos afetados

Oracle Glassfish Server

PT-2018-2251 · Oracle · Oracle Glassfish Server

CVE-2018-3152

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6