Summary
The host is running GlassFish/Java System Application Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow local attackers to execute arbitrary code under the context of the application.
Impact Level: System/Application
Solution
Apply the security updates listed in the Oracle Critical Patch Update advisory:
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Insight
The flaw exists in the Web Administration component, which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception, allowing the request to proceed without authentication.
Affected
Oracle GlassFish versions 2.1, 2.1.1 and 3.0.1
Oracle Java System Application Server 9.1
References
Classification
CVE: CVE-2011-0807
Severity
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C