Release Date: Aug 17, 2011
Severity: medium
Impact: Security Bypass: Remote attackers can bypass security checking of vulnerable systems.
Description: This indicates an attack attempt against an Authentication Bypass vulnerability in Oracle GlassFish. The vulnerability is due to an error that leads to the software treating HTTP TRACE requests as authenticated GET requests. Attackers can exploit this issue to bypass authentication and perform unauthorized actions.
Affected Products: Oracle Sun GlassFish Enterprise Server prior to 3.1
Recommended Actions: Refer to the vendor's website for the suggested workaround: http://java.net/jira/browse/GLASSFISH-14078
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2011-1511
References: http://www.securityfocus.com/bid/47818 (BugTraq)
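
The behaviour in the Description (a TRACE request answered as if it were an authenticated GET) leaves a recognisable pattern in server access logs: an anonymous TRACE returns 2xx on a path where an anonymous request was otherwise refused. The following detection sketch is an added example, not part of the original advisory or any vendor signature; it assumes Common Log Format, and the sample lines, hosts and paths are constructed.

```python
import re

# Constructed sample lines in Common Log Format; hosts and paths are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Aug/2011:10:01:02 +0000] "GET /secure/config HTTP/1.1" 401 512
198.51.100.7 - - [17/Aug/2011:10:01:05 +0000] "TRACE /secure/config HTTP/1.1" 200 2048
203.0.113.9 - alice [17/Aug/2011:10:02:11 +0000] "GET /secure/config HTTP/1.1" 200 2048
203.0.113.20 - - [17/Aug/2011:10:03:40 +0000] "TRACE /index.html HTTP/1.1" 405 0
203.0.113.21 - - [17/Aug/2011:10:04:00 +0000] "TRACE /public/info HTTP/1.1" 200 120
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_trace_bypass(log_text):
    """Return (severity, host, path, status) for anonymous TRACE requests answered 2xx."""
    entries = list(parse(log_text))
    # Paths where an anonymous request was refused (401/403) at least once.
    protected = {e["path"] for e in entries
                 if e["user"] == "-" and e["status"] in ("401", "403")}
    alerts = []
    for e in entries:
        if e["method"] != "TRACE" or e["user"] != "-":
            continue
        if e["status"].startswith("2"):
            # 2xx on a path known to demand authentication matches the advisory;
            # 2xx elsewhere only shows that TRACE is enabled and needs review.
            severity = "high" if e["path"] in protected else "review"
            alerts.append((severity, e["host"], e["path"], e["status"]))
    return alerts

if __name__ == "__main__":
    for alert in find_trace_bypass(SAMPLE_LOG):
        print(alert)
```

A "review" hit means only that the server answers TRACE at all; whether that path requires authentication has to be confirmed from the application's own configuration.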