Title: Oracle GlassFish Server Administration Console Authentication Bypass

Vulnerability Information
Class: Authentication Bypass Issues

Introduction
Built using the GlassFish Server Open Source Edition, Oracle GlassFish Server delivers a flexible, lightweight and extensible Java EE 6 platform. It provides a small footprint, fully featured Java EE application server that is completely supported for commercial deployment and is available as a standalone offering.

The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making TRACE requests against the Administration Console.

Vendor Information, Solutions and Workarounds
Oracle notifies that GlassFish Server 3.1 was released in March 2011 and was fixed before release, so it is not affected. Oracle also notifies that patches for previous versions will be available in July, 2011. Contact Oracle for patches for other GlassFish versions.

As a policy, Oracle does not provide workarounds unless they can be easily applied by every customer. For users who cannot upgrade to the latest patched version, the following workaround can be applied in order to avoid this flaw:

1. In the GlassFish Admin Console, go to the Tasks tree.
2. Navigate through: Network Config > Protocols > admin-listener > HTTP.
3. There is a checkbox "Trace: Enable TRACE operation" (checked by default); uncheck it and then save changes.
4. Finally, restart GlassFish by running:
   C:\glassfishv3\bin>asadmin restart-domain

After following these steps, when executing the PoC included in this advisory, the webserver should respond:
405 TRACE method is not allowed headers =

Credits
This vulnerability was discovered and researched by Francisco Falcon from Core Security Technologies.

Technical Description / Proof of Concept Code
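The workaround above is applied through the Admin Console UI, which makes it hard to audit across many domains. The following Python script is an added example written for this page, not part of the Core Security advisory or of GlassFish itself. It audits a domain.xml fragment for the admin-listener protocol's TRACE setting and classifies the status line a server returns to a TRACE request, so the expected "405 TRACE method is not allowed" response can be confirmed from a captured reply. The attribute name `trace-enabled` on the `<http>` element and the assumption that a missing attribute means "enabled" (matching the advisory's "checked by default") are assumptions; the domain.xml samples are constructed.

```python
"""Defender-side audit for TRACE on the GlassFish admin listener.

Assumptions (not taken from the advisory):
  * The Admin Console checkbox "Trace: Enable TRACE operation" persists as
    the trace-enabled attribute on the <http> element of the admin-listener
    <protocol> in domain.xml.
  * A missing attribute means TRACE is enabled (the advisory states the
    checkbox is checked by default).
"""
from typing import Optional
import xml.etree.ElementTree as ET

# Constructed sample: admin-listener has no trace-enabled attribute, so it
# still accepts TRACE under the assumed default.
SAMPLE_DOMAIN_XML_DEFAULT = """<domain>
  <configs>
    <config name="server-config">
      <network-config>
        <protocols>
          <protocol name="http-listener-1">
            <http default-virtual-server="server" max-connections="250"/>
          </protocol>
          <protocol name="admin-listener">
            <http default-virtual-server="__asadmin" max-connections="250"/>
          </protocol>
        </protocols>
      </network-config>
    </config>
  </configs>
</domain>"""

# Constructed sample after the workaround: TRACE explicitly disabled.
SAMPLE_DOMAIN_XML_HARDENED = SAMPLE_DOMAIN_XML_DEFAULT.replace(
    '<http default-virtual-server="__asadmin" max-connections="250"/>',
    '<http default-virtual-server="__asadmin" max-connections="250" '
    'trace-enabled="false"/>',
)


def admin_listener_trace_enabled(domain_xml: str,
                                 protocol_name: str = "admin-listener") -> Optional[bool]:
    """Return True if TRACE is enabled on the named protocol, False if it is
    disabled, None if the protocol or its <http> element is not present."""
    root = ET.fromstring(domain_xml)
    for proto in root.iter("protocol"):
        if proto.get("name") != protocol_name:
            continue
        http = proto.find("http")
        if http is None:
            return None
        # Assumed default: absent attribute == enabled.
        return http.get("trace-enabled", "true").strip().lower() == "true"
    return None


def classify_trace_response(status_line: str) -> str:
    """Classify the first line of an HTTP response to a TRACE request.

    405 is the response the advisory says a hardened listener returns; any
    2xx means the method is still being served; anything else is flagged
    for manual review rather than guessed at.
    """
    parts = status_line.strip().split(maxsplit=2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "unparseable"
    try:
        code = int(parts[1])
    except ValueError:
        return "unparseable"
    if code == 405:
        return "hardened"
    if 200 <= code < 300:
        return "trace-enabled"
    return "unexpected"


def audit(domain_xml: str) -> str:
    """Human-readable verdict for one domain.xml."""
    state = admin_listener_trace_enabled(domain_xml)
    if state is None:
        return "admin-listener HTTP config not found; review manually"
    if state:
        return "TRACE enabled on admin-listener; apply the workaround"
    return "TRACE disabled on admin-listener"


if __name__ == "__main__":
    print("default :", audit(SAMPLE_DOMAIN_XML_DEFAULT))
    print("hardened:", audit(SAMPLE_DOMAIN_XML_HARDENED))
    print("reply   :", classify_trace_response(
        "HTTP/1.1 405 TRACE method is not allowed"))
```

Run it against a real `domains/<domain>/config/domain.xml` after the restart step to confirm the setting persisted, and feed it the first line of the server's reply to a TRACE request made from an authorised host to confirm the 405 the advisory describes.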