Lucene search
Jason BowesZDI-11-137HistoryApr 19, 2011 - 12:00 a.m.
Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
2011-04-1900:00:00
Jason Bowes
www.zerodayinitiative.com
21
0.965 High
EPSS
Percentile
99.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception allowing the request to proceed without authentication. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
Related
securityvulns
securityvulns
cvelist
cvelist
CVE-2011-0807
2011-04-20 03:09:00
nessus
nessus
openvas
openvas
Oracle GlassFish/System Application Server Security Bypass Vulnerability
2011-04-22 00:00:00
Oracle GlassFish/System Application Server Security Bypass Vulnerability
2011-04-22 00:00:00
prion
prion
Design/Logic Flaw
2011-04-20 03:14:00
packetstorm
packetstorm
Sun/Oracle GlassFish Server Authenticated Code Execution
2011-08-04 00:00:00
nvd
nvd
CVE-2011-0807
2011-04-20 03:14:06
cve
cve
CVE-2011-0807
2011-04-20 03:14:06
veracode
veracode
Remote Code Execution (RCE)
2017-03-27 05:13:34
oracle
oracle
cpuapr2011
2011-04-19 00:00:00