CVE-2011-1511

Published: 20/07/2011 Updated: 21/12/2011
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote malicious users to execute arbitrary code via unknown vectors related to Administration.

Vulnerable Product

oracle sun products suite 2.1.1

oracle sun products suite 3.0.1

Exploits

Oracle GlassFish Server Administration Console Authentication Bypass: 1. Advisory Information; Title: Oracle GlassFish Server Administration Console Authentication Bypass; Advisory ID: CORE-2010-1118; Advisory URL: www.coresecurity.com/content/glassfish_admin_authentication_bypass; Date published: 2011-05-11; Date of last update: 2011-05-11; Vend ...
Oracle GlassFish Server versions 2.1 and 3 suffer from an administration console authentication bypass vulnerability ...
Core Security Technologies Advisory - The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests agains ...

Github Repositories

GFTampering: Quick shortcut to check whether a GlassFish server is vulnerable to CVE-2011-1511. It'll issue a TRACE to the "create new user" object; it doesn't create the new user. To port: create the user! Usage: Run using a custom insertion point that includes the verb and URL portions of the request.
SWFReplace: Replace the original swf within a server.