Unspecified Vulnerability in Oracle GlassFish Server and Java System Application Server
CVE-2011-0807

Currently unrated

Key Information:

Vendor: Oracle
Status: Glassfish Server; Java System Application Server
Vendor: CVE Published:; 20 April 2011

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 88%

Summary

An unspecified vulnerability has been identified in Oracle's GlassFish Enterprise Server and Java System Application Server, which could allow remote attackers to disrupt the confidentiality, integrity, and availability of the affected systems. This weakness is associated with unidentified vectors within the administration interface, potentially enabling unauthorized access or manipulation of server operations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2011-0807
Created by Rapid7

References

http://www.oracle.com/technetwork/topics/security/cpuapr2...

x_refsource_CONFIRM

http://securityreason.com/securityalert/8327

third-party-advisoryx_refsource_SREASON

EPSS Score

88% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Jun 10, 2014
👾
Exploit known to exist
Jun 10, 2014
Vulnerability published
Apr 20, 2011
Vulnerability Reserved
Feb 4, 2011