What is CVE-2011-5035?

CVE-2011-5035 is a vulnerability in Oracle Glassfish_server, classified under Improper Input Validation. Published 2011-12-30.

Is CVE-2011-5035 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Oracle Glassfish_server

CVE-2011-5035

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigge…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.586 (98.2th percentile) — read the EPSS interpretation.

Affected products

Oracle Glassfish_server — versions 2.1.1, 3.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

48074 (x_refsource_SECUNIA, third-party-advisory)
HPSBUX02784 (x_refsource_HP, vendor-advisory)
cve@mitre.org (x_refsource_MISC)
GLSA-201406-32 (vendor-advisory, x_refsource_GENTOO)
HPSBMU02799 (x_refsource_HP, vendor-advisory)
48589 (x_refsource_SECUNIA, third-party-advisory)
oval:org.mitre.oval:def:16908 (x_refsource_OVAL, signature, vdb-entry)
cve@mitre.org (x_refsource_MISC)
RHSA-2013:1455 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2011-5035?: CVE-2011-5035 is a vulnerability in Oracle Glassfish_server, classified under Improper Input Validation. Published 2011-12-30.
Is CVE-2011-5035 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.