CVE-2011-0807 : Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Applicati

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

Published 2011-04-20 03:14:07

Updated 2011-09-22 03:28:58

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2011-0807

Top countries where our scanners detected CVE-2011-0807

Top open port discovered on systems with this issue 80

IPs affected by CVE-2011-0807 182

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-0807!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-0807

Probability of exploitation activity in the next 30 days: 96.41%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2011-0807

GlassFish Brute Force Utility

First seen: 2020-04-26

auxiliary/scanner/http/glassfish_login

This module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, Glass

More information
Sun/Oracle GlassFish Server Authenticated Code Execution

Disclosure Date: 2011-08-04

First seen: 2020-04-26

exploit/multi/http/glassfish_deployer

This module logs in to a GlassFish Server (Open Source or Commercial) using various methods (such as authentication bypass, default credentials, or user-supplied login), and deploys a malicious war file in order to get remote code execution. It has been tested on G

More information

CVSS scores for CVE-2011-0807

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2011-0807

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

cpuapr2011
Patch;Vendor Advisory

CVEs referencing this url
http://securityreason.com/securityalert/8327

Sun/Oracle GlassFish Server Authenticated Code Execution - CXSecurity.com

Products affected by CVE-2011-0807

SUN » Java System Application Server » Version: 9.1
cpe:2.3:a:sun:java_system_application_server:9.1:*:*:*:*:*:*:*
Matching versions
Oracle » Glassfish Server » Version: 2.1.1
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
Matching versions
Oracle » Glassfish Server » Version: 3.0.1
cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Glassfish Server » Version: 2.1
cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0807