CVE-2011-1511

Oracle Sun Products Suite <3.0.1 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1511. PoCs published by Core Security.

AI-analyzed exploit summary: The exploit demonstrates an authentication bypass vulnerability in Oracle GlassFish Server by sending a TRACE request to the Administration Console, allowing unauthenticated access to sensitive pages. The Python script provided performs this TRACE request to retrieve restricted content.

Description

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Core Security · text · webapps · windows
https://www.exploit-db.com/exploits/17276


Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Oracle GlassFish Server 3.0.1, Sun GlassFish Enterprise Server 2.1.1
No auth needed
Prerequisites: Network access to the GlassFish Administration Console (default port 4848)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-201A.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8254

Scores

EPSS 0.1465
EPSS Percentile 96.2%

Details

Status published
Products (2)
oracle/sun_products_suite 2.1.1
oracle/sun_products_suite 3.0.1
Published Jul 20, 2011
Tracked Since Feb 18, 2026