Description
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2001-1041)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6455)
WordPress Plugin WP SMS Cross-Site Scripting (5.4.9)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10379)
WordPress Plugin Page Animations And Transitions Unspecified Vulnerability (2.1.8)