$Path Traversal in Oracle GlassFish server open source edition

Description

The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to a directory traversal vulnerability that can be exploited by remote attackers to access sensitive data on the server.

Remediation

No fix is available at this time for the GlassFish Server Open Source Edition release. However, this vulnerability can be mitigated with the use of technologies, such as Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS).

Oracle GlassFish Server 3.x which is the current commercial release of GlassFish is not affected.

References