Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1511

7 documents7 sources

Severity

6.4MEDIUM

EPSS

67.9%

top 1.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle SUN Products Suite

Timeline

PublishedJul 20

Latest updateMay 17

Description

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDoracle/sun_products_suite2.1.1, 3.0.1+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-pp3m-5f97-6577: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2↗2022-05-17

▶

CVEList

CVE-2011-1511: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2↗2011-07-20

▶

💥Exploits & PoCs

Exploit-DB

Oracle GlassFish Server - Administration Console Authentication Bypass↗2011-05-12

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt↗2011-06-09

▶

📋Vendor Advisories

Red Hat

glassfish: Unspecified vulnerability affecting confidentiality and integrity via unspecified vectors↗2011-07-19

▶

💬Community

Bugzilla

CVE-2011-1511, CVE-2011-2260 glassfish: Unspecified vulnerability affecting confidentiality and integrity via unspecified vectors↗2011-10-10

▶