CVE-2011-1511
Published 2011-07-20
Priority: P352, medium. CVSS 2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N.
Exploit likelihood (EPSS): 14.65%, 96.2th percentile.
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | sun_products_suite | — | — |
| oracle | sun_products_suite | — | — |
Detection & IOCs (extracted from sources)
Snort/Suricata rule (ET sid:2012977):
```
alert http $EXTERNAL_NET any -> $HOME_NET 4848 (msg:"ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt"; flow:established,to_server; http.method; content:"TRACE"; http.uri; content:".jsf"; nocase; reference:url,www.coresecurity.com/content/oracle-glassfish-server-administration-console-authentication-bypass; reference:bid,47818; reference:cve,2011-1511; classtype:attempted-recon; sid:2012977; rev:5; metadata:created_at 2011_06_09, cve CVE_2011_1511, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
```
- Detect HTTP TRACE method requests targeting port 4848 with .jsf URI paths; this is the core exploit pattern for the authentication bypass.
- Monitor for TRACE requests to the GlassFish admin console paths /common/logViewer/logViewer.jsf, /common/appServer/jvmReport.jsf, /updateCenter/installed.jsf, and /jdbc/jdbcConnectionPoolProperty.jsf without prior authentication.
- GlassFish responds to a TRACE request with the full resource body as if it were a GET from an authenticated user: look for 200 OK responses to TRACE requests on port 4848 containing JSF page content.
- A 405 response to TRACE on port 4848 with 'Allow: GET, HEAD, POST' indicates the workaround has been applied and TRACE is disabled; the absence of this response on a GlassFish host is a risk indicator.
- The TRACE method is enabled by default on the GlassFish admin-listener; this is the root configuration condition enabling the vulnerability.
- Affected versions are Oracle GlassFish Server 3.0.1 and Sun GlassFish Enterprise Server 2.1.1; Oracle GlassFish Server 3.1 is not affected.
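As an added illustration (not code from the CVE record, the ET rule authors, or Oracle), the Python below applies the same conditions as sid:2012977 (TRACE, port 4848, .jsf URI) to access-log lines and also recognises the 405 reply that signals the TRACE workaround. The simplified log format, the Finding verdict names and the sample lines are assumptions constructed here.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

ADMIN_PORT = 4848  # GlassFish admin-listener port used in the ET rule
# Constructed, simplified log format (not GlassFish's own access-log syntax):
#   <client> <dst_port> "<METHOD> <URI> HTTP/x.y" <status> "<Allow header or ->"
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<port>\d+) "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) "(?P<allow>[^"]*)"$'
)

@dataclass
class Finding:
    client: str
    uri: str
    verdict: str  # benign | trace_enabled | bypass_attempt | bypass_success | trace_disabled

def classify(line: str) -> Optional[Finding]:
    """Apply the sid:2012977 conditions to one line; separate a refused TRACE (405) from a served one."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # unparseable; summarize() counts these separately
    client, uri, status = m["client"], m["uri"], int(m["status"])
    if int(m["port"]) != ADMIN_PORT or m["method"] != "TRACE":
        return Finding(client, uri, "benign")
    if status == 405 and "TRACE" not in m["allow"].upper():
        return Finding(client, uri, "trace_disabled")  # workaround applied on this host
    if ".jsf" in uri.lower():  # rule fires; 200 means the JSF page body was served unauthenticated
        return Finding(client, uri, "bypass_success" if status == 200 else "bypass_attempt")
    return Finding(client, uri, "trace_enabled")  # root condition present, no .jsf target

def summarize(lines: Iterable[str]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for line in lines:
        if line.strip():
            f = classify(line)
            key = "unparsed" if f is None else f.verdict
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample traffic (RFC 5737 documentation addresses), not captured data
SAMPLE_LOG = """\
198.51.100.7 4848 "TRACE /common/logViewer/logViewer.jsf HTTP/1.1" 200 "-"
198.51.100.7 4848 "TRACE /updateCenter/installed.jsf HTTP/1.1" 401 "-"
203.0.113.9 4848 "TRACE /common/appServer/jvmReport.jsf HTTP/1.1" 405 "GET, HEAD, POST"
203.0.113.9 4848 "TRACE / HTTP/1.1" 200 "-"
192.0.2.5 8080 "TRACE /index.jsf HTTP/1.1" 200 "-"
not a log line
"""
```

Running summarize(SAMPLE_LOG.splitlines()) reports one served bypass, one attempt, one host with TRACE disabled, one admin listener still answering TRACE, one benign hit on another port, and one unparsed line.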
CVSS provenance
- NVD: CVSS v2.0 6.4 MEDIUM, vector AV:N/AC:L/Au:N/C:P/I:P/A:N
- Red Hat (vendor): 6.4 MEDIUM
GHSA
GHSA-pp3m-5f97-6577 (ghsa_unreviewed, 2022-05-17, MEDIUM): Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.
Red Hat
glassfish: Unspecified vulnerability affecting confidentiality and integrity via unspecified vectors (vendor_redhat, 2011-07-19, CVSS 6.4, MEDIUM)
Statement: Not vulnerable. This issue affects the GlassFish Server Administration Console, which is not shipped with any Red Hat products.
Package: Other (Red Hat JBoss Enterprise Web Server 1) - Under investigation
Suricata
ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt (suricata, created 2011-06-09)
Rule: sid:2012977, quoted in full under Detection & IOCs above.
References
- http://securityreason.com/securityalert/8254
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
- http://www.us-cert.gov/cas/techalerts/TA11-201A.html