Moderate severity · NVD Advisory · Published Sep 30, 2024 · Updated Oct 7, 2024
Glassfish redirect to untrusted site
CVE-2024-9329
Description
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to point at a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.glassfish.main.admin:rest-service (Maven) | < 7.0.17 | 7.0.17 |
Affected products
- Eclipse Foundation / Glassfish v5, range: 5.1.0
References
- github.com/eclipse-ee4j/glassfish/pull/25106 (patch)
- github.com/advisories/GHSA-jq3f-mfmg-747x (advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-9329 (advisory)
- github.com/eclipse-ee4j/glassfish/commit/6ca35eee2ba90a8108984b27bec33f9cc50cd83b (patch commit)
- gitlab.eclipse.org/security/vulnerability-reports/-/issues/232 (issue tracking)