Summary
The host is running Oracle GlassFish Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow local attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests against the Administration Console.
Impact Level: System/Application
Solution
Apply the security updates or upgrade to Oracle GlassFish 3.1. See http://packetstormsecurity.org/files/view/101343/CORE-2010-1118.txt
Insight
The flaw is due to an error in the Administration Console when handling HTTP requests that use the 'TRACE' method. A remote unauthenticated attacker can get access to the content of restricted pages in the Administration Console.
Affected
Oracle GlassFish version 3.0.1 and
Sun GlassFish Enterprise Server 2.1.1
References
Severity
Classification
- CVE: CVE-2011-1511
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N