### [CVE-2017-1000028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000028)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

### POC

#### Reference
- https://www.exploit-db.com/exploits/45196/
- https://www.exploit-db.com/exploits/45198/
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/HimmelAward/Goby_POC
- https://github.com/NeonNOXX/CVE-2017-1000028
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/cyberwithcyril/VulhubPenTestingReport
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/lof1sec/GlassFish_Server_4.1_Path_Traversal