CVE-2017-1000030
First published: Thu Jul 13 2017(Updated: )
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle GlassFish Enterprise Server | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1000030?
CVE-2017-1000030 is considered a critical vulnerability due to the potential for unauthorized access to the administrative interface.
How do I fix CVE-2017-1000030?
To fix CVE-2017-1000030, it is recommended to apply the latest updates and patches provided by Oracle for GlassFish Server.
What type of attack does CVE-2017-1000030 enable?
CVE-2017-1000030 enables unauthenticated attackers to disclose plaintext passwords of administrative users.
Which version of GlassFish Server is affected by CVE-2017-1000030?
CVE-2017-1000030 specifically affects Oracle GlassFish Server Open Source Edition 3.0.1.
Can CVE-2017-1000030 be exploited remotely?
Yes, CVE-2017-1000030 can be exploited remotely by attackers to gain unauthorized access.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle glassfish enterprise server
- version/oracle glassfish enterprise server/3.0.1