HTTP: Oracle GlassFish Server Administration Console Remote Authentication Bypass
This signature detects attempts to exploit a known vulnerability against Oracle GlassFish Server 3.0.1. Attackers can bypass the authentication of the administration console.
Extended Description
The Oracle GlassFish Server Administration Console is prone to a remote authentication-bypass vulnerability. Attackers can exploit this issue to bypass authentication and perform unauthorized actions like obtaining sensitive information and creating an administrator account. Attackers can use the newly created administrator account to execute arbitrary code in the context of server which runs as root by default. The following products are affected: Oracle GlassFish Server 3.0.1 Sun GlassFish Enterprise Server 2.1.1
Affected Products
Oracle glassfish_server
Short Name
HTTP:ORACLE:GLASSFISH-BYPASS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Administration Authentication Bypass CVE-2011-1511 Console GlassFish Oracle Remote Server bid:47818
Release Date
05/16/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
Sun
CVSS Score
6.4