Short Name |
HTTP:ORACLE:GLASSFISH-BYPASS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle GlassFish Server Administration Console Remote Authentication Bypass |
Release Date |
2011/05/16 |
Update Number |
1920 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle GlassFish Server 3.0.1. Attackers can bypass the authentication of the administration console.
The Oracle GlassFish Server Administration Console is prone to a remote authentication-bypass vulnerability. Attackers can exploit this issue to bypass authentication and perform unauthorized actions like obtaining sensitive information and creating an administrator account. Attackers can use the newly created administrator account to execute arbitrary code in the context of server which runs as root by default. The following products are affected: Oracle GlassFish Server 3.0.1 Sun GlassFish Enterprise Server 2.1.1