Vulnerability Details : CVE-2011-0807
Public exploit exists!
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
Products affected by CVE-2011-0807
- cpe:2.3:a:sun:java_system_application_server:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*
Threat overview for CVE-2011-0807
Top countries where our scanners detected CVE-2011-0807
Top open port discovered on systems with this issue
80
IPs affected by CVE-2011-0807 182
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-0807!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-0807
96.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-0807
-
GlassFish Brute Force Utility
First seen: 2020-04-26auxiliary/scanner/http/glassfish_loginThis module attempts to login to GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, Glass -
Sun/Oracle GlassFish Server Authenticated Code Execution
Disclosure Date: 2011-08-04First seen: 2020-04-26exploit/multi/http/glassfish_deployerThis module logs in to a GlassFish Server (Open Source or Commercial) using various methods (such as authentication bypass, default credentials, or user-supplied login), and deploys a malicious war file in order to get remote code execution. It has been tested on G
CVSS scores for CVE-2011-0807
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2011-0807
-
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
cpuapr2011Patch;Vendor Advisory
-
http://securityreason.com/securityalert/8327
Sun/Oracle GlassFish Server Authenticated Code Execution - CXSecurity.com
Jump to