CVE-2017-1000030

9.8 CRITICAL

📋 TL;DR

CVE-2017-1000030 is a Java Key Store password disclosure vulnerability in Oracle GlassFish Server that allows unauthenticated attackers to retrieve administrative passwords in plain text. This grants full access to the web-based administration interface, potentially compromising the entire server. Only GlassFish Server Open Source Edition 3.0.1 build 22 is affected.

💻 Affected Systems

Products:
  • Oracle GlassFish Server Open Source Edition
Versions: 3.0.1 (specifically build 22)
Operating Systems: All platforms running GlassFish
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific build 22 of version 3.0.1. Other versions are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server takeover with administrative access, data theft, deployment of malicious applications, and potential lateral movement to other systems.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, application deployment, and potential data exposure.

🟢 If Mitigated

Limited impact if the administrative interface is not exposed or strong network controls prevent access.

🌐 Internet-Facing: HIGH - Direct exposure allows unauthenticated attackers to gain administrative control.
🏢 Internal Only: MEDIUM - An attacker who already has network access to the admin port can still exploit it without credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward - attackers can retrieve plaintext passwords without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Upgrade to GlassFish Server 3.0.1 build 23 or any later release

Vendor Advisory: https://www.oracle.com/security-alerts/

Restart Required: Yes

Instructions:

1. Download the latest GlassFish Server version.
2. Back up the current configuration.
3. Stop the GlassFish service.
4. Install the new version.
5. Restore the configuration.
6. Restart the service.

🔧 Temporary Workarounds

Restrict Administrative Interface Access (platform: all)

Block external access to the GlassFish administrative interface (TCP port 4848) using firewall rules. As written, both rules block every client, including the administrator: place an accept rule for the loopback interface and the management host ahead of them so that local and legitimate remote administration keep working.

iptables -A INPUT -p tcp --dport 4848 -j DROP
netsh advfirewall firewall add rule name="Block GlassFish Admin" dir=in action=block protocol=TCP localport=4848

Change Administrative Password (platform: all)

Change the administrative password to limit the damage if credentials have already been exposed. On its own this does not close the disclosure: while the vulnerable build stays reachable, the new password can be retrieved the same way, so rotate the password again once the patch is applied.

asadmin change-admin-password

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GlassFish server from untrusted networks
  • Enable detailed logging and monitoring for unauthorized access attempts to administrative interface

🔍 How to Verify

Check if Vulnerable:

Run asadmin version | grep 'Version' and check whether the reported version is 3.0.1 build 22.

Check Version:

asadmin version

Verify Fix Applied:

Run asadmin version | grep 'Version' and confirm the reported version is 3.0.1 build 23 or later.
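The version check above can be scripted so that the same test runs across a fleet of hosts. The following helper is an added example, not part of this advisory or of the GlassFish project; it parses the output of asadmin version and reports whether the install is the affected 3.0.1 build 22. The sample output is constructed, and the line layout "Version = <product> <version> (build <n>)" is an assumption about what asadmin prints.

```python
import re
import subprocess

# Constructed sample of `asadmin version` output (not captured from a real
# host); the "Version = ... (build N)" layout is an assumption.
SAMPLE_OUTPUT = """\
Version = GlassFish Server Open Source Edition 3.0.1 (build 22)
Command version executed successfully.
"""

VERSION_RE = re.compile(
    r"Version = (?P<product>.+?) (?P<version>\d+(?:\.\d+)+) \(build (?P<build>\d+)\)"
)

# Only this exact version/build pair is listed as affected by the advisory.
AFFECTED = {("3.0.1", 22)}


def parse_version(output):
    """Return (product, version, build) from asadmin output, or None if no Version line is found."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return (m.group("product"), m.group("version"), int(m.group("build")))


def is_affected(output):
    """True when the parsed version/build is the one the advisory lists as vulnerable."""
    parsed = parse_version(output)
    if parsed is None:
        raise ValueError("could not find a 'Version =' line in asadmin output")
    _product, version, build = parsed
    return (version, build) in AFFECTED


def check_local_install(asadmin_path="asadmin"):
    """Run the real asadmin binary (path is an assumption) and classify the result."""
    proc = subprocess.run([asadmin_path, "version"], capture_output=True, text=True, check=True)
    return is_affected(proc.stdout)


if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_OUTPUT))
```

parse_version returns None rather than raising so callers can distinguish "not GlassFish output" from "GlassFish, but a different build"; is_affected raises on unparseable output so a silent False never masks a failed check.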

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /management/domain/domain.jsf
  • Multiple failed login attempts followed by successful login from new IP

Network Indicators:

  • Unusual traffic to port 4848 (admin interface)
  • Requests to password-related endpoints from external IPs

SIEM Query:

source="glassfish.log" AND ("domain.jsf" OR ("admin" AND "password"))
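The two log indicators above (admin-console requests from outside the internal ranges, and a burst of failed logins followed by a success from an address that has not logged in before) can be checked offline against exported logs. The script below is an added example, not part of this advisory or of GlassFish; the log lines are constructed, the single-line "<timestamp> <client-ip> <event> <detail> <result>" layout is an assumption rather than GlassFish's real log format, and the internal network ranges are placeholders to adjust for your environment.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (not real GlassFish output). Layout is an assumption:
# "<timestamp> <client-ip> <event> <detail> <result>".
SAMPLE_LOG = """\
2017-06-01T10:00:01Z 10.0.0.5 GET /management/domain/domain.jsf 200
2017-06-01T10:00:02Z 203.0.113.7 GET /management/domain/domain.jsf 200
2017-06-01T10:00:03Z 203.0.113.7 GET /management/domain/applications.jsf 200
2017-06-01T10:00:04Z 198.51.100.9 LOGIN admin FAILURE
2017-06-01T10:00:05Z 198.51.100.9 LOGIN admin FAILURE
2017-06-01T10:00:06Z 198.51.100.9 LOGIN admin FAILURE
2017-06-01T10:00:07Z 198.51.100.9 LOGIN admin SUCCESS
2017-06-01T10:00:08Z 10.0.0.5 LOGIN admin SUCCESS
2017-06-01T10:00:09Z 10.0.0.8 LOGIN admin FAILURE
2017-06-01T10:00:10Z 10.0.0.8 LOGIN admin SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<event>\S+) (?P<detail>\S+) (?P<result>\S+)$"
)

# Placeholder internal ranges; replace with the networks that may reach the admin port.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_internal(ip, nets=INTERNAL_NETS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def external_admin_requests(log_text, nets=INTERNAL_NETS):
    """(ip, path) pairs for admin-console requests coming from outside the internal ranges."""
    hits = []
    for rec in parse(log_text.splitlines()):
        if (rec["event"] == "GET"
                and rec["detail"].startswith("/management/")
                and not is_internal(rec["ip"], nets)):
            hits.append((rec["ip"], rec["detail"]))
    return hits


def brute_force_then_success(log_text, min_failures=3):
    """IPs whose first successful login follows at least min_failures consecutive failures."""
    failures = defaultdict(int)   # consecutive failures per source IP
    seen_success = set()          # IPs that have already logged in successfully
    flagged = []
    for rec in parse(log_text.splitlines()):
        if rec["event"] != "LOGIN":
            continue
        ip = rec["ip"]
        if rec["result"] == "FAILURE":
            failures[ip] += 1
        elif rec["result"] == "SUCCESS":
            if failures[ip] >= min_failures and ip not in seen_success:
                flagged.append(ip)
            failures[ip] = 0
            seen_success.add(ip)
    return flagged


if __name__ == "__main__":
    print("external admin requests:", external_admin_requests(SAMPLE_LOG))
    print("failed-then-success sources:", brute_force_then_success(SAMPLE_LOG))
```

The failure counter resets on every success so that a long-lived admin session with one mistyped password does not trigger the rule; the "not previously successful" condition is what distinguishes a new source from a known administrator, matching the "from new IP" wording of the indicator.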
