|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-12-25 | |
| Rule Name: | Oracle GlassFish Server ThemeServlet Directory Traversal Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A directory traversal vulnerability was found in Oracle GlassFish Server. The vulnerability is caused by insufficient input validation while processing HTTP requests to the "/theme/" URI. Vulnerabilities may allow attackers to access restricted files or directories, leading to sensitive information leakage and system damage. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | https://javaee.github.io/glassfish/ ExploitDB:39241 |
|
| Solutions |
|---|
| Upgrade to version after 4.1 to eliminate the vulnerability. |