CVE-2017-3247
Summary
| CVE | CVE-2017-3247 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-01-27 22:59:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Glassfish Server | 2.1.1 | All | All | All |
| Application | Oracle | Glassfish Server | 3.0.1 | All | All | All |
| Application | Oracle | Glassfish Server | 3.1.2 | All | All | All |
| Application | Oracle | Glassfish Server | 2.1.1 | All | All | All |
| Application | Oracle | Glassfish Server | 3.0.1 | All | All | All |
| Application | Oracle | Glassfish Server | 3.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle GlassFish Server CVE-2017-3247 Remote Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - January 2017 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.