CVE-2011-0807

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, oracle, sun, critical, nessus, exploit available, metasploit

Summary

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

Exploit-Db

description: Sun/Oracle GlassFish Server Authenticated Code Execution. CVE-2011-0807. Webapps exploit for jsp platform
id: EDB-ID:17615
last seen: 2016-02-02
modified: 2011-08-05
published: 2011-08-05
reporter: metasploit
source: https://www.exploit-db.com/download/17615/
title: Sun/Oracle GlassFish Server Authenticated Code Execution

Metasploit

Nessus

NASL family: CGI abuses
NASL id: GLASSFISH_GET_AUTH_BYPASS.NASL
description: The version of GlassFish Server running on the remote host has an authentication bypass vulnerability. The server fails to enforce authentication on HTTP requests that contain lower case method names (e.g.
last seen: 2020-04-30
modified: 2011-08-17
plugin id: 55931
published: 2011-08-17
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/55931
title: Oracle GlassFish Server Administration Console GET Request Authentication Bypass

Packetstorm

data source: https://packetstormsecurity.com/files/download/103714/glassfish_deployer.rb.txt
id: PACKETSTORM:103714
last seen: 2016-12-05
published: 2011-08-04
reporter: Joshua D. Abraham
source: https://packetstormsecurity.com/files/103714/Sun-Oracle-GlassFish-Server-Authenticated-Code-Execution.html
title: Sun/Oracle GlassFish Server Authenticated Code Execution