Oracle GlassFish Server Administration Console Default Credentials
high Nessus Plugin ID 38701
Language:
Synopsis
The remote web application server uses default credentials.Description
It is possible to log into the remote Oracle GlassFish administration console by providing default credentials. Knowing these, an attacker can gain administrative control of the affected application server and, for example, install hostile applets.Solution
Change the credentials.Plugin Details
Severity: High
ID: 38701
File Name: glassfish_default_creds.nasl
Version: 1.19
Type: remote
Family: CGI abuses
Published: 5/7/2009
Updated: 1/19/2021
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:H/RL:ND/RC:ND
Vulnerability Information
CPE: cpe:/a:oracle:glassfish_server
Required KB Items: www/glassfish, www/glassfish/console
Excluded KB Items: global_settings/supplied_logins_only