The Administration Console of Oracle GlassFish Server, which listens by default on port 4848/TCP, is prone to a directory traversal vulnerability that remote attackers can exploit to access sensitive data on the server.
No fix is available at this time for the GlassFish Server Open Source Edition release. However, this vulnerability can be mitigated with the use of technologies such as Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS).
Oracle GlassFish Server 3.x, which is the current commercial release of GlassFish, is not affected.