GlassFish is the reference implementation of Java EE that allows developers to create enterprise applications that are portable and scalable, and that integrate with legacy technologies.
GlassFish has an arbitrary file access vulnerability that attackers can exploit to read any file on the server.
Disable remote management so that only local access is allowed. Users will be prompted to enter the user name and password for local access. This setting is recommended for development environments or environments requiring high server security.
Note: After modifying the settings, restart the GlassFish service.
For Linux environment:
For Windows environment:
- Restart GlassFish to bring the changes into effect.
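To confirm after the restart that the change took effect, the following check reads the domain configuration file and reports whether remote administration is still enabled. It is an added example, not part of the original advisory or of GlassFish itself; it assumes that remote management corresponds to GlassFish's secure admin feature, recorded in `domain.xml` as an `enabled="true"` attribute on the `<secure-admin>` element, and the function name and sample file are hypothetical.

```shell
#!/bin/sh
# secure_admin_state FILE
# Prints "enabled", "disabled" or "unreadable" for the given domain.xml.
# Assumption: remote administration is on only when the <secure-admin>
# element carries enabled="true"; a missing element or attribute means off.
secure_admin_state() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 2
    fi
    # Flatten the file so a tag split across lines is still matched, then
    # extract the opening <secure-admin ...> tag only. The pattern requires
    # whitespace, "/" or ">" after the name, so <secure-admin-principal>
    # children and the closing </secure-admin> tag are skipped.
    tag=$(tr '\n\t' '  ' < "$file" \
        | grep -oE '<secure-admin([[:space:]/][^>]*)?>' \
        | head -n 1)
    case $tag in
        *' enabled="true"'* | *" enabled='true'"*)
            echo "enabled" ;;
        *)
            echo "disabled" ;;
    esac
    return 0
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<domain>
  <secure-admin enabled="true" special-admin-indicator="CONSTRUCTED-VALUE">
    <secure-admin-principal dn="CN=localhost"></secure-admin-principal>
  </secure-admin>
</domain>
EOF
echo "sample domain.xml: remote administration $(secure_admin_state "$sample")"
rm -f "$sample"
```

Run the function against the `domain.xml` of the domain that was changed; a result of `enabled` after the restart means remote management is still on.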