CVE-2017-3249 in GlassFish Server
Summary
by MITRE
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
Analysis
by VulDB Data Team • 05/15/2026
CVE-2017-3249 resides in Oracle GlassFish Server, a widely deployed application server within Oracle Fusion Middleware that hosts enterprise web applications. The flaw lies in the Security subcomponent and affects GlassFish Server versions 2.1.1, 3.0.1 and 3.1.2. It undermines the security posture of affected systems because it can be exploited by unauthenticated attackers with network access to the LDAP service: no credentials are needed, so any actor with network connectivity to the target can attempt exploitation.
Technically, the vulnerability stems from inadequate input validation and authentication handling in the GlassFish Server's LDAP integration. When the server processes LDAP requests it does not properly validate the incoming data, so an attacker can craft LDAP queries that alter the server's behaviour. The result is a privilege escalation opportunity in which the attacker gains unauthorized access to modify or retrieve sensitive data in the server's accessible data stores. The "easily exploitable" rating indicates that the attack needs minimal technical expertise or resources, which makes the flaw especially dangerous in production deployments exposed to untrusted networks.
The operational impact of CVE-2017-3249 spans confidentiality, integrity and availability, as reflected in the CVSS v3.0 base score of 7.3. An attacker can perform unauthorized update, insert or delete operations on data the server can access, which may lead to data corruption, unauthorized modification or data loss. The vulnerability also grants unauthorized read access to a subset of that data, which could include user credentials, application data or system configuration. The partial denial of service means an attacker can disrupt availability for some users or applications without necessarily taking down the whole server. Together these impacts can compromise the entire application ecosystem hosted on a vulnerable GlassFish Server instance.
Affected organizations should apply the official Oracle patches released in the January 2017 Critical Patch Update, which address this LDAP authentication bypass issue. Network segmentation and firewall rules should restrict access to LDAP ports and GlassFish Server components to trusted networks only, following the principle of least privilege. The vulnerability maps to CWE-284 (Improper Access Control) and CWE-312 (Cleartext Storage of Sensitive Information), and is relevant to the ATT&CK framework's privilege escalation and credential access tactics. Organizations should also audit their networks to identify every exposed GlassFish Server instance and deploy monitoring to detect exploitation attempts. The case underlines the importance of timely security patching and robust network access controls, particularly for enterprise application servers that handle sensitive business and user data.
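The audit step above can be made repeatable: the following added example (not VulDB's or Oracle's code) checks a constructed GlassFish inventory against the affected versions named in this advisory and flags instances whose LDAP port is reachable from outside a hypothetical trusted-network list. The inventory record format, host names, CIDRs and trusted ranges are all assumptions made up for the example.

```python
"""Audit a constructed GlassFish inventory for CVE-2017-3249 exposure."""
import ipaddress

# Versions the advisory lists as affected.
AFFECTED_VERSIONS = {"2.1.1", "3.0.1", "3.1.2"}

# Assumed trusted management ranges (constructed for this example).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Constructed inventory: version plus the source CIDRs the firewall admits
# to the instance's LDAP port. These are not real hosts.
INVENTORY = [
    {"host": "gf-prod-01", "version": "3.1.2", "allowed_sources": ["10.0.0.0/8"]},
    {"host": "gf-prod-02", "version": "3.1.2", "allowed_sources": ["0.0.0.0/0"]},
    {"host": "gf-dev-01", "version": "4.1.2", "allowed_sources": ["0.0.0.0/0"]},
    {"host": "gf-legacy", "version": "2.1.1",
     "allowed_sources": ["203.0.113.0/24", "10.2.0.0/16"]},
]


def untrusted_sources(allowed):
    """Return the allowed source ranges not fully inside a trusted network."""
    bad = []
    for cidr in allowed:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(trusted) for trusted in TRUSTED_NETS):
            bad.append(cidr)
    return bad


def assess(record):
    """Classify one instance as 'patch+restrict', 'patch', 'restrict' or 'ok'."""
    vulnerable = record["version"] in AFFECTED_VERSIONS
    exposed = untrusted_sources(record["allowed_sources"])
    if vulnerable and exposed:
        return "patch+restrict"
    if vulnerable:
        return "patch"
    return "restrict" if exposed else "ok"


def audit(inventory=INVENTORY):
    """Map each host to its required action, worst findings first."""
    order = {"patch+restrict": 0, "patch": 1, "restrict": 2, "ok": 3}
    results = {r["host"]: assess(r) for r in inventory}
    return dict(sorted(results.items(), key=lambda kv: order[kv[1]]))


if __name__ == "__main__":
    for host, action in audit().items():
        print(f"{host:12} {action}")
```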