Summary
The host is running Oracle GlassFish Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests against the Administration Console.
Impact Level: System/Application
Solution
Apply the security updates or upgrade to Oracle GlassFish 3.1. See http://packetstormsecurity.org/files/view/101343/CORE-2010-1118.txt for details.
Insight
The flaw is due to an error in the Administration Console when handling HTTP requests that use the 'TRACE' method. A remote unauthenticated attacker can gain access to the content of restricted pages in the Administration Console.
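Because the weakness is tied to a single HTTP method, the simplest defensive check is to look for 'TRACE' requests in the web server's access logs and to single out those the server actually answered with content. The following is an added example for this advisory, not code from the advisory or from the GlassFish project; it assumes access logs in Common Log Format and treats the admin-console path prefix as a hypothetical placeholder (`ADMIN_PREFIX`), since the advisory does not name one. The sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hypothetical placeholder: the URL prefix under which the Administration
# Console is served in your deployment. Adjust to your own configuration.
ADMIN_PREFIX = "/admin-console/"

# Common Log Format: host ident authuser [timestamp] "METHOD PATH PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2011:12:00:01 +0000] "GET /admin-console/ HTTP/1.1" 302 0
192.0.2.10 - - [10/Mar/2011:12:00:02 +0000] "TRACE /admin-console/ HTTP/1.1" 200 2048
198.51.100.7 - - [10/Mar/2011:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2011:12:00:04 +0000] "TRACE /index.html HTTP/1.1" 405 0
203.0.113.5 - - [10/Mar/2011:12:00:05 +0000] "POST /admin-console/login HTTP/1.1" 401 0
"""


@dataclass
class Finding:
    ip: str
    timestamp: str
    path: str
    status: int
    admin_console: bool  # True when the path falls under ADMIN_PREFIX
    served: bool         # True when the server returned 2xx instead of rejecting


def parse_line(line: str) -> Optional[dict]:
    """Parse one Common Log Format line; return None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    return fields


def find_trace_requests(lines: Iterable[str], admin_prefix: str = ADMIN_PREFIX) -> List[Finding]:
    """Return every TRACE request seen, flagging those aimed at the admin console
    and those the server actually answered with a 2xx (i.e. TRACE was not refused)."""
    findings: List[Finding] = []
    for raw in lines:
        rec = parse_line(raw.strip())
        if rec is None or rec["method"] != "TRACE":
            continue
        findings.append(
            Finding(
                ip=rec["ip"],
                timestamp=rec["ts"],
                path=rec["path"],
                status=rec["status"],
                admin_console=rec["path"].startswith(admin_prefix),
                served=200 <= rec["status"] < 300,
            )
        )
    return findings


def served_admin_trace(findings: List[Finding]) -> List[Finding]:
    """The subset worth alerting on: TRACE against the admin console that got content back."""
    return [f for f in findings if f.admin_console and f.served]


if __name__ == "__main__":
    hits = find_trace_requests(SAMPLE_LOG.splitlines())
    for f in hits:
        tag = "ALERT" if f.admin_console and f.served else "info"
        print(f"[{tag}] {f.timestamp} {f.ip} TRACE {f.path} -> {f.status}")
```

A 405 (or 403) on a TRACE request means the listener refused the method, which is the behaviour you want to see after patching; a 2xx against the console path is the condition the advisory describes and is the one to alert on.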
Affected
- Oracle GlassFish version 3.0.1
- Sun GlassFish Enterprise Server 2.1.1
References
CVE-2011-1511
Severity
CVSS Base Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N