Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-0807 | First vendor Publication | 2011-04-19 |
Vendor | Cve | Last vendor Modification | 2011-09-22 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0807 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-22 | Name : Oracle GlassFish/System Application Server Security Bypass Vulnerability File : nvt/gb_oracle_glassfish_n_sjas_sec_bypass_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71948 | Oracle Sun GlassFish Enterprise Server / Java System Application Server Craft... Oracle Sun GlassFish Enterprise Server and Java System Application Server contain a flaw related to the Administration sub-component. The issue is triggered when a remote attacker sends a crafted GET request via TCP port 4848 to the administrative interface. This may allow an attacker to bypass authentication and execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle GlassFish Server successful authentication bypass attempt RuleID : 20160 - Revision : 11 - Type : SERVER-WEBAPP |
2014-01-10 | Oracle GlassFish Server authentication bypass attempt RuleID : 20159 - Revision : 9 - Type : SERVER-WEBAPP |
2014-01-10 | Oracle GlassFish Server default credentials login attempt RuleID : 20158 - Revision : 15 - Type : SERVER-WEBAPP |
2014-01-10 | Oracle GlassFish Server war file upload attempt RuleID : 20157 - Revision : 10 - Type : SERVER-ORACLE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-08-17 | Name : The remote web server has an authentication bypass vulnerability that may per... File : glassfish_get_auth_bypass.nasl - Type : ACT_ATTACK |
Sources (Detail)
Source | Url |
---|---|
CONFIRM | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html |
SREASON | http://securityreason.com/securityalert/8327 |
Alert History
Date | Informations |
---|---|
2021-05-04 12:14:02 |
|
2021-04-22 01:15:14 |
|
2020-05-23 13:16:57 |
|
2020-05-23 00:27:51 |
|
2014-02-17 11:00:37 |
|
2014-01-19 21:27:36 |
|
2013-05-10 22:55:09 |
|