CVE-2018-14324

9.8 CRITICAL

📋 TL;DR

This vulnerability in Oracle GlassFish Open Source Edition 5.0's demo feature leaves TCP port 7676 open with default credentials (admin/admin), allowing remote attackers to access JMX RMI services. Attackers can obtain sensitive information, perform database operations, or manipulate the demo environment. Organizations using GlassFish 5.0 with demo features enabled are affected.

💻 Affected Systems

Products:
  • Oracle GlassFish Open Source Edition
Versions: 5.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the demo feature; production deployments without demo features may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise including data theft, database manipulation, and potential lateral movement within the network.

🟠 Likely Case

Unauthorized access to sensitive configuration data, application manipulation, and potential privilege escalation.

🟢 If Mitigated

Limited to unauthorized access to demo features only, with no impact on production data or systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Default credentials and open port make exploitation trivial; JMX RMI provides extensive access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://github.com/eclipse-ee4j/glassfish/issues/22500

Restart Required: Yes

Instructions:

1. Disable demo features.
2. Change default credentials.
3. Close port 7676 if not needed.
4. Consider upgrading to supported versions.

🔧 Temporary Workarounds

Disable Demo Feature (platform: all)

Remove or disable the demo feature from the GlassFish installation.

Remove demo applications from $GLASSFISH_HOME/glassfish/domains/domain1/applications/

Change Default Credentials (platform: all)

Change the default admin password from 'admin' to a strong, unique password.

asadmin change-admin-password --domain_name domain1

Firewall Port 7676 (platform: linux)

Block TCP port 7676 at the network perimeter and on the host firewall.

iptables -A INPUT -p tcp --dport 7676 -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate GlassFish servers
  • Deploy intrusion detection systems to monitor port 7676 traffic

🔍 How to Verify

Check if Vulnerable:

Check if port 7676 is open, either locally or from another host:

netstat -tlnp | grep 7676
nmap -p 7676 <host>

Check Version:

$GLASSFISH_HOME/bin/asadmin version

Verify Fix Applied:

Verify port 7676 is closed and cannot be accessed remotely; confirm demo features are disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized JMX RMI connections on port 7676
  • Failed authentication attempts with default credentials

Network Indicators:

  • Inbound connections to TCP port 7676 from untrusted sources
  • JMX RMI protocol traffic

SIEM Query:

source_port=7676 OR dest_port=7676 OR protocol="JMX RMI"
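The SIEM query above only matches on the port; the network indicators also ask for the source to be untrusted and, for exposure, for the connection to have been allowed. The following is an added example (not part of this advisory page) that applies that logic to a few constructed firewall log lines; the log format, the trusted 10.0.0.0/8 management range and all addresses are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample firewall/flow log lines for this example; not real traffic.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z proto=TCP src=10.0.5.12 spt=51234 dst=10.0.5.20 dpt=7676 action=ALLOW
2024-05-01T10:00:02Z proto=TCP src=203.0.113.45 spt=40211 dst=10.0.5.20 dpt=7676 action=ALLOW
2024-05-01T10:00:03Z proto=TCP src=203.0.113.45 spt=40212 dst=10.0.5.20 dpt=7676 action=ALLOW
2024-05-01T10:00:04Z proto=TCP src=198.51.100.7 spt=33000 dst=10.0.5.20 dpt=443 action=ALLOW
2024-05-01T10:00:05Z proto=TCP src=192.0.2.9 spt=44444 dst=10.0.5.20 dpt=7676 action=DROP
"""

JMX_PORT = 7676  # the GlassFish demo JMX RMI port from the advisory
# Hypothetical trusted management network; any other source counts as untrusted.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) proto=(?P<proto>\w+) src=(?P<src>\S+) spt=(?P<spt>\d+) "
    r"dst=(?P<dst>\S+) dpt=(?P<dpt>\d+) action=(?P<action>\w+)$"
)

def parse_line(line):
    """Parse one key=value log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_untrusted_jmx_connections(log_text):
    """Return {src_ip: count} of allowed inbound TCP connections to the JMX port
    from sources outside the trusted networks. Dropped attempts are skipped here:
    they show scanning, but not an actual exposure of the service."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] != "TCP" or int(rec["dpt"]) != JMX_PORT:
            continue
        if rec["action"] != "ALLOW":
            continue
        if not is_trusted(rec["src"]):
            hits[rec["src"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, n in find_untrusted_jmx_connections(SAMPLE_LOGS).items():
        print(f"ALERT: {n} allowed connection(s) to TCP/{JMX_PORT} from untrusted {src}")
```

Run against the sample, only the two allowed connections from 203.0.113.45 are reported; the trusted source, the dropped attempt and the port 443 traffic are ignored.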
