CVE-2011-0807

Oracle Sun GlassFish Enterprise Server <3.0.1 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

Exploits (3)

metasploit WORKING POC EXCELLENT

by juan vazquez · rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/glassfish_deployer.rb

View Code ZIP pw:eip

metasploit SCANNER

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/glassfish_login.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsjsp

https://www.exploit-db.com/exploits/17615

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

[Third Party Advisory] http://securityreason.com/securityalert/8327

Scores

EPSS 0.8754

EPSS Percentile 99.4%

Classification

Status draft

Affected Products (4)

oracle/glassfish_server

oracle/glassfish_server

oracle/glassfish_server

sun/java_system_application_server

Timeline

Published Apr 20, 2011

Tracked Since Feb 18, 2026