CVE-2011-0807

Oracle Sun GlassFish Enterprise Server <3.0.1 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsjsp

https://www.exploit-db.com/exploits/17615

View Code ZIP pw:eip

metasploit SCANNER

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/glassfish_login.rb

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by juan vazquez · rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/glassfish_deployer.rb

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

[Third Party Advisory] http://securityreason.com/securityalert/8327

Scores

EPSS 0.8754

EPSS Percentile 99.5%

Details

Status published

Products (4)

oracle/glassfish_server 2.1

oracle/glassfish_server 2.1.1

oracle/glassfish_server 3.0.1

sun/java_system_application_server 9.1

Published Apr 20, 2011

Tracked Since Feb 18, 2026