Privilege escalation in Oracle GlassFish Server - CVE-2016-5519
Published: October 19, 2016 / Updated: January 4, 2017
Vulnerability identifier: #VU1045
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5519
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle GlassFish Server
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain elevated privileges on the target system.
The weakness is due to improper processing of crafted packets during the enrollment operation. A flaw in the Oracle GlassFish Server Java Server Faces component lets an attacker increase their privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.