Candidate: CVE-2017-3626
PublicDate: 2017-04-24 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3626
 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Description:
 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion
 Middleware (subcomponent: Java Server Faces). The supported version that is
 affected is 3.1.2. Difficult to exploit vulnerability allows
 unauthenticated attacker with network access via multiple protocols to
 compromise Oracle GlassFish Server. Successful attacks require human
 interaction from a person other than the attacker. Successful attacks of
 this vulnerability can result in unauthorized read access to a subset of
 Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1
 (Confidentiality impacts). CVSS Vector:
 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N [3.1 LOW]

Patches_glassfish:
upstream_glassfish: needs-triage
precise_glassfish: ignored (reached end-of-life)
precise/esm_glassfish: DNE (precise was needed)
trusty_glassfish: ignored (reached end-of-life)
trusty/esm_glassfish: DNE (trusty was needed)
vivid/stable-phone-overlay_glassfish: DNE
vivid/ubuntu-core_glassfish: DNE
xenial_glassfish: ignored (end of standard support, was needed)
yakkety_glassfish: ignored (reached end-of-life)
zesty_glassfish: ignored (reached end-of-life)
artful_glassfish: ignored (reached end-of-life)
bionic_glassfish: needed
cosmic_glassfish: DNE
disco_glassfish: DNE
eoan_glassfish: DNE
focal_glassfish: DNE
groovy_glassfish: DNE
hirsute_glassfish: DNE
impish_glassfish: DNE
jammy_glassfish: DNE
devel_glassfish: DNE