| Vulnerability Name: | CVE-2012-0550 (CCN-75004) | ||||||||
| Assigned: | 2012-04-17 | ||||||||
| Published: | 2012-04-17 | ||||||||
| Updated: | 2017-12-07 | ||||||||
| Summary: | Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0550 Source: CCN Type: Packetstorm Security Website Oracle GlassFish Server 3.1.1 Cross Site Request Forgery Source: CCN Type: SA48798 Oracle GlassFish Enterprise Server Cross-Site Scripting and Request Forgery Source: MANDRIVA Type: UNKNOWN MDVSA-2013:150 Source: CCN Type: Oracle Critical Patch Update Advisory - April 2012 Oracle Critical Patch Update Advisory - April 2012 Source: CONFIRM Type: Vendor Advisory http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html Source: CCN Type: OSVDB ID: 81225 Oracle GlassFish Enterprise Server WAR Archive Uploading CSRF Source: CCN Type: security-assessment.com REST Interface Cross Site Request Forgery Vulnerability Source: CCN Type: BID-53118 Oracle GlassFish Enterprise Server 'REST interface' Cross Site Request Forgery Vulnerability Source: SECTRACK Type: UNKNOWN 1026941 Source: XF Type: UNKNOWN sunproductssuite-ges-cve20120550(75004) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||