Detections
Analytics
Oracle GlassFish Server Administrative Console Authentication Bypass
critical Nessus Plugin ID 53876
Language:
Synopsis
The remote web server has an authentication bypass vulnerability.Description
The version of GlassFish Server running on the remote host has an authentication bypass vulnerability. The server treats specially crafted TRACE requests as if they are authenticated GET requests.A remote, unauthenticated attacker could exploit this to bypass authentication and gain administrative access to the affected application. In turn, this could be leveraged to run commands under the context of the GlassFish server, which is root by default.
Solution
Upgrade to GlassFish Server 3.1 or later, or disable TRACE (refer to the Core Security advisory for more information).See Also
http://www.nessus.org/u?d4119099
https://www.securityfocus.com/archive/1/517965/30/0/threaded
https://www.securityfocus.com/archive/1/521120/30/0/threaded
Plugin Details
Severity: Critical
ID: 53876
File Name: glassfish_trace_auth_bypass.nasl
Version: 1.12
Type: remote
Family: Web Servers
Published: 5/12/2011
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:oracle:glassfish_server
Required KB Items: www/glassfish, www/glassfish/console
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 2/28/2011
Vulnerability Publication Date: 5/11/2011
Exploitable With
Core Impact
Reference Information
CVE: CVE-2011-1511
BID: 47818