Oracle GlassFish Server Administration Console GET Request Authentication Bypass
Critical Nessus Plugin ID 55931
The remote web server has an authentication bypass vulnerability that may permit code execution.
The version of GlassFish Server running on the remote host has an authentication bypass vulnerability. The server fails to enforce authentication on HTTP requests that contain lower case method names (e.g. 'get'). A remote, unauthenticated attacker could exploit this to upload and execute arbitrary code.