CVE-2018-14324 in GlassFish Open Source Edition
Summary
by MITRE
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
Analysis
by VulDB Data Team • 04/09/2023
The vulnerability identified as CVE-2018-14324 affects Oracle GlassFish Open Source Edition 5.0, where the demo feature remains enabled by default and exposes TCP port 7676 without adequate authentication: the admin account ships with the default password admin. This configuration creates a significant security risk because it gives anyone who knows the default credentials remote access to the system through a JMX RMI session, providing attackers with extensive control over the application server. The default administrative credentials of admin/admin are the critical weakness that enables unauthorized users to obtain sensitive system information and perform malicious operations within the GlassFish environment.
The technical flaw stems from the improper configuration of the demo feature which exposes the JMX RMI interface on port 7676 without adequate access controls or authentication requirements. This misconfiguration aligns with CWE-284, which addresses improper access control vulnerabilities, and represents a classic example of insecure default configurations that attackers can exploit to gain unauthorized system access. The JMX RMI protocol allows for remote monitoring and management of Java applications, but when improperly secured, it becomes a vector for remote code execution, data manipulation, and information disclosure attacks.
The operational impact of this vulnerability extends beyond simple information disclosure to encompass full administrative control over the GlassFish server instance. Attackers can leverage the exposed JMX RMI interface to perform database operations, access sensitive configuration files, modify application content, and potentially escalate privileges within the system. This vulnerability particularly affects organizations that deploy GlassFish in development or demonstration environments without proper security hardening, creating a persistent threat vector that can be exploited for lateral movement within the network infrastructure. The attack surface is further expanded by the fact that this is a default installation scenario, making it an attractive target for automated scanning and exploitation tools.
Organizations should immediately disable the demo feature and close the exposed TCP port 7676 to mitigate this vulnerability. The recommended mitigation strategies include implementing proper authentication mechanisms, restricting network access to the JMX RMI interface, and ensuring that default accounts are disabled or have strong, unique passwords. According to the ATT&CK framework, this vulnerability maps to T1071.004 (Application Layer Protocol) and T1068 (Exploitation for Privilege Escalation). Regular security audits should verify that no unnecessary services are running and that all administrative interfaces are properly secured. Additionally, implementing network segmentation and monitoring for unusual activity on port 7676 can help detect potential exploitation attempts and provide early warning of security incidents.
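As an added example of the port 7676 monitoring recommended above (not code from the VulDB page or from GlassFish), the following script flags accepted inbound TCP connections to 7676 from sources outside an allowlist and classifies a captured first payload as a Java RMI (JRMP) stream header; the firewall log format and the sample lines are constructed for this example.

```python
import ipaddress
import re

JMX_RMI_PORT = 7676
JRMP_MAGIC = b"JRMI"  # first four bytes of a Java RMI (JRMP) stream header
JRMP_PROTOCOLS = {0x4B: "StreamProtocol", 0x4C: "SingleOpProtocol",
                  0x4D: "MultiplexProtocol"}

# Hypothetical firewall log format, constructed for this example:
# "<timestamp> <ACCEPT|DROP> src=<ip>:<port> dst=<ip>:<port> proto=<TCP|UDP>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\S+)")

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def flag_jmx_connections(lines, allowed_nets):
    """Return (ts, src, dst) for accepted TCP/7676 connections from non-allowlisted sources."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] != "ACCEPT" or ev["proto"] != "TCP":
            continue
        if ev["dport"] != JMX_RMI_PORT:
            continue
        src = ipaddress.ip_address(ev["src"])
        if not any(src in net for net in nets):
            alerts.append((ev["ts"], ev["src"], ev["dst"]))
    return alerts

def classify_jrmp(payload):
    """Return the JRMP sub-protocol name if payload starts with a JRMP v2 header, else None."""
    if len(payload) < 7 or payload[:4] != JRMP_MAGIC:
        return None
    version = int.from_bytes(payload[4:6], "big")
    return JRMP_PROTOCOLS.get(payload[6]) if version == 2 else None

# Constructed sample log: one allowlisted admin host, one external source, one unrelated port.
SAMPLE_LOG = [
    "2023-09-04T10:00:01Z ACCEPT src=10.0.1.20:51234 dst=10.0.1.5:7676 proto=TCP",
    "2023-09-04T10:00:07Z ACCEPT src=198.51.100.77:40022 dst=10.0.1.5:7676 proto=TCP",
    "2023-09-04T10:00:09Z ACCEPT src=198.51.100.77:40023 dst=10.0.1.5:8080 proto=TCP",
    "2023-09-04T10:00:11Z DROP src=203.0.113.9:5555 dst=10.0.1.5:7676 proto=TCP",
]

if __name__ == "__main__":
    for alert in flag_jmx_connections(SAMPLE_LOG, ["10.0.1.0/24"]):
        print("JMX RMI port reached from outside allowlist:", alert)
    print(classify_jrmp(b"JRMI\x00\x02\x4b"))
```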