#VU1045 Privilege escalation in Oracle GlassFish Server - CVE-2016-5519 

 


Published: October 19, 2016 / Updated: January 4, 2017


Vulnerability identifier: #VU1045
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5519
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Oracle GlassFish Server
Software vendor:
Oracle

Description

The vulnerability allows a remote authenticated user to gain elevated privileges on the target system.
The weakness is due to improper processing of crafted packets during the enrollment operation. A flaw in the Oracle GlassFish Server Java Server Faces component lets an attacker increase their privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

Remediation


External links