How severe is CVE-2017-10391?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2017-10391?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2017-10391

HIGH Year: 2017

CVSS v3 Score

7.3

High

CVSS v2 Score

7.5

High

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVE-2003-0063

HIGH

CVSS:7.3(High)

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's t...

NVD-CWE-Other2003

CVE-2012-5379

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan ho...

NVD-CWE-Other2012

CVE-2015-6527

HIGH

CVSS:7.3(High)

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace...

NVD-CWE-Other2015

CVE-2015-6832

HIGH

CVSS:7.3(High)

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrar...

NVD-CWE-Other2015

CVE-2015-6836

HIGH

CVSS:7.3(High)

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary ...

NVD-CWE-Other2015

CVE-2015-8560

HIGH

CVSS:7.3(High)

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ;...

NVD-CWE-Other2015

CVE-2017-10391

Vulnerability Description

Related Vulnerabilities

CVE-2003-0063

CVE-2012-5379

CVE-2015-6527

CVE-2015-6832

CVE-2015-6836

CVE-2015-8560