
The vulnerability in question is CVE-2023-28462; the CVE was requested directly by Payara.
It is a JNDI exploit using the `context.rebind` method when Payara Server runs on an older JDK 8 update. The exploit can be triggered through access to insecure ORB listeners exposed by a Payara Server installation.
This vulnerability allows remote attackers to load malicious code into a public-facing (Internet-exposed) Payara Server installation through remote JNDI access via unsecured ORB listeners. It is dangerous in that an attacker needs only the location (hostname and port) of an unsecured ORB listener to load the remote exploit.
However, the vulnerability only affects server environments running Java 1.8 at an update lower than 1.8u191. If the server runs a newer update, or runs on JDK 11+, the exploit cannot be triggered under any circumstance.
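As an added example (not part of Payara's advisory or code base), the following Python helper applies the affected-version rule above to the output of `java -version`, so an operator can triage the JDK a Payara Server instance actually runs on. The sample outputs are constructed, not captured from real hosts.

```python
import re
from typing import Optional, Tuple

# Per the advisory: Java 1.8 at an update lower than 8u191 is affected.
FIXED_JDK8_UPDATE = 191

# Handles legacy strings ("1.8.0_181", "1.8.0_181-b13") and JEP 223 strings ("11.0.2+9", "17").
_VERSION_RE = re.compile(
    r'^(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:\.(?P<patch>\d+))?'
    r'(?:_(?P<update>\d+))?(?:[-+].*)?$'
)


def parse_java_version(version: str) -> Tuple[int, int]:
    """Return (feature_release, jdk8_update) for a java.version string.

    '1.8.0_181' -> (8, 181); '1.8.0' -> (8, 0); '11.0.2+9' -> (11, 0); '17' -> (17, 0).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised java.version string: {version!r}")
    major = int(m.group("major"))
    if major == 1:
        # Legacy scheme 1.<feature>.0_<update>: the update number is what matters for JDK 8.
        return int(m.group("minor") or 0), int(m.group("update") or 0)
    # JEP 223 scheme (JDK 9+): the advisory states these are not affected, so no update check.
    return major, 0


def is_affected_runtime(version: str) -> bool:
    """True only for the range the advisory names: Java 1.8 below update 191."""
    feature, update = parse_java_version(version)
    return feature == 8 and update < FIXED_JDK8_UPDATE


def version_from_java_output(output: str) -> Optional[str]:
    """Extract the quoted version from `java -version` output (printed on stderr)."""
    m = re.search(r'(?:java|openjdk) version "([^"]+)"', output)
    return m.group(1) if m else None


def triage(java_version_output: str) -> str:
    """Classify one host's `java -version` output against the advisory's affected range."""
    version = version_from_java_output(java_version_output)
    if version is None:
        return "unknown: no version line found"
    return f"{version}: {'AFFECTED' if is_affected_runtime(version) else 'not affected'}"


if __name__ == "__main__":
    # Constructed sample outputs for demonstration only.
    for sample in ('openjdk version "1.8.0_181"\nOpenJDK Runtime Environment (build 1.8.0_181-b13)',
                   'java version "1.8.0_202"\nJava(TM) SE Runtime Environment (build 1.8.0_202-b08)',
                   'openjdk version "11.0.2" 2019-01-15\nOpenJDK Runtime Environment 18.9 (build 11.0.2+9)'):
        print(triage(sample))
```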
To deal with this vulnerability, follow these instructions:
Credit to discovering this vulnerability goes to tr1ple from AntGroup FG.