#VU1045 Privilege escalation in Oracle GlassFish Server - CVE-2016-5519


Updated: 2017-01-04

Vulnerability identifier: #VU1045

Vulnerability risk: Low

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-5519

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle GlassFish Server
Server applications / Other server solutions

Vendor: Oracle

Description
The vulnerability allows a remote authenticated user to gain elevated privileges on the target system.
The weakness is due to improper processing of crafted packets during the enrollment operation. A flaw in the Java Server Faces component of Oracle GlassFish Server lets an attacker escalate privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

Vulnerable software versions

Oracle GlassFish Server: 2.1.1 - 3.1.2


External links
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

