CVE-2012-0550

Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 - Info ...

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0550. PoCs published by Roberto Suggi Liverani.

AI-analyzed exploit summary This is a working Proof-of-Concept (PoC) for CVE-2012-0550, demonstrating a CSRF attack against Oracle GlassFish Server 3.1.1 to upload an arbitrary WAR archive, leading to potential remote code execution.

Description

Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.

Exploits (1)

exploitdb WORKING POC
by Roberto Suggi Liverani · textwebappswindows
https://www.exploit-db.com/exploits/18766

This is a working Proof-of-Concept (PoC) for CVE-2012-0550, demonstrating a CSRF attack against Oracle GlassFish Server 3.1.1 to upload an arbitrary WAR archive, leading to potential remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle GlassFish Server 3.1.1 (build 12)
Auth required
Prerequisites: Authenticated administrator session · Victim interaction (e.g., clicking a button)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026941
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Scores

EPSS 0.0698
EPSS Percentile 93.3%

Details

Status published
Products (1)
oracle/glassfish_server 3.1.1
Published May 03, 2012
Tracked Since Feb 18, 2026