Description

The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to a directory traversal vulnerability that can be exploited by remote attackers to access sensitive data on the server.

Remediation

No fix is available at this time for the GlassFish Server Open Source Edition release. However, this vulnerability can be mitigated with the use of technologies, such as Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS).

Oracle GlassFish Server 3.x which is the current commercial release of GlassFish is not affected.

References

Path Traversal in Oracle GlassFish Server Open Source Edition

Related Vulnerabilities

WordPress Plugin SE HTML5 Album Audio Player Directory Traversal (1.1.0)

WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2)

Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-4524)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.12)

Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-34254)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal