CVE-2011-1511 - Unspecified vulnerability in Oracle SUN products Suite 2.1.1/3.0.1
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | Oracle GlassFish Server Administration Console Authentication Bypass. CVE-2011-1511. Webapps exploit for windows platform |
id | EDB-ID:17276 |
last seen | 2016-02-02 |
modified | 2011-05-12 |
published | 2011-05-12 |
reporter | Core Security |
source | https://www.exploit-db.com/download/17276/ |
title | Oracle GlassFish Server Administration Console Authentication Bypass |
Nessus
NASL family | Web Servers |
NASL id | GLASSFISH_TRACE_AUTH_BYPASS.NASL |
description | The version of GlassFish Server running on the remote host has an authentication bypass vulnerability. The server treats specially crafted TRACE requests as if they are authenticated GET requests. A remote, unauthenticated attacker could exploit this to bypass authentication and gain administrative access to the affected application. In turn, this could be leveraged to run commands under the context of the GlassFish server, which is root by default. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53876 |
published | 2011-05-12 |
reporter | This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/53876 |
title | Oracle GlassFish Server Administrative Console Authentication Bypass |
Packetstorm
data source | https://packetstormsecurity.com/files/download/101343/CORE-2010-1118.txt |
id | PACKETSTORM:101343 |
last seen | 2016-12-05 |
published | 2011-05-12 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/101343/Core-Security-Technologies-Advisory-2010.1118.html |
title | Core Security Technologies Advisory 2010.1118 |

data source | https://packetstormsecurity.com/files/download/108381/NGS00106.txt |
id | PACKETSTORM:108381 |
last seen | 2016-12-05 |
published | 2012-01-05 |
reporter | David Spencer |
source | https://packetstormsecurity.com/files/108381/Oracle-GlassFish-Server-Administration-Bypass.html |
title | Oracle GlassFish Server Administration Bypass |
Seebug
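bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:20543 |
last seen | 2017-11-19 |
modified | 2011-05-13 |
published | 2011-05-13 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-20543 |
title | Oracle GlassFish Server Administration Console Authentication Bypass |

bulletinFamily | exploit |
description | Bugtraq ID: 47818. CVE ID: CVE-2011-1511. Sun GlassFish Enterprise Server is an open-source, open-community platform for building and deploying next-generation applications and services. The administration console allows unauthenticated access via the HTTP TRACE method; an attacker can exploit this vulnerability to bypass the authentication mechanism and gain access to certain information, such as the log viewer or JDBC connection pool properties. Sun Glassfish Enterprise Server 2.1.1; Oracle Glassfish Server 3.0.1. Vendor solution: Oracle Glassfish Server 3.1 has fixed this vulnerability; users are advised to download and use it: http://www.oracle.com/us/products/middleware/application-server/oracle-glassfish-server/index.html |
id | SSV:20554 |
last seen | 2017-11-19 |
modified | 2011-05-13 |
published | 2011-05-13 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-20554 |
title | Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability |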
References
- http://securityreason.com/securityalert/8254
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
- http://www.us-cert.gov/cas/techalerts/TA11-201A.html