Intrusion Prevention

Oracle.GlassFish.Server.Authenticated.Code.Execution

Description

This indicates an attack attempt against a Code Execution vulnerability in Oracle GlassFish Server.
The vulnerability is caused by an error when the vulnerable software handles a malicious upload. It allows a remote attacker to execute arbitrary code via sending a malicious "WAR" file.

Affected Products

Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1
Sun Java System Application Server 9.1

Impact

System Compromise: Remote code execution.

Recommended Actions

Apply the latest update from the vendor.

CVE References

CVE-2011-0807