This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2007-10-01
Product Java System Application Server Last view 2011-04-19
Version 9.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sun:java_system_application_server

Activity : Overall

Related : CVE

  Date Alert Description
10 2011-04-19 CVE-2011-0807

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

7.5 2007-10-01 CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-287 Improper Authentication

Open Source Vulnerability Database (OSVDB)

id Description
71948 Oracle Sun GlassFish Enterprise Server / Java System Application Server Craft...
37758 Sun Java System Access Manager Container Restart Authentication Bypass

OpenVAS Exploits

id Description
2011-04-22 Name : Oracle GlassFish/System Application Server Security Bypass Vulnerability
File : nvt/gb_oracle_glassfish_n_sjas_sec_bypass_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Oracle GlassFish Server successful authentication bypass attempt
RuleID : 20160 - Type : SERVER-WEBAPP - Revision : 11
2014-01-10 Oracle GlassFish Server authentication bypass attempt
RuleID : 20159 - Type : SERVER-WEBAPP - Revision : 9
2014-01-10 Oracle GlassFish Server default credentials login attempt
RuleID : 20158 - Type : SERVER-WEBAPP - Revision : 15
2014-01-10 Oracle GlassFish Server war file upload attempt
RuleID : 20157 - Type : SERVER-ORACLE - Revision : 10

Nessus® Vulnerability Scanner

id Description
2011-08-17 Name: The remote web server has an authentication bypass vulnerability that may per...
File: glassfish_get_auth_bypass.nasl - Type: ACT_ATTACK