What is the severity of CVE-2024-8646?

CVE-2024-8646 is classified as a medium severity vulnerability due to its potential for URL redirection to untrusted sites.

How do I fix CVE-2024-8646?

To mitigate the CVE-2024-8646 vulnerability, upgrade Eclipse Glassfish to version 7.0.10 or later.

Which versions of Eclipse Glassfish are affected by CVE-2024-8646?

Eclipse Glassfish versions prior to 7.0.10 are affected by CVE-2024-8646.

What causes the vulnerability CVE-2024-8646?

CVE-2024-8646 is caused by a URL redirection vulnerability that stems from an issue in the Apache code integrated into GlassFish.

Is CVE-2024-8646 related to any other vulnerabilities?

Yes, CVE-2024-8646 is related to CVE-2023-41080, which contributes to the URL redirection issue.

Vulnerability/
CVE-2024-8646

medium

6.1

CWE

601

EPSS

0.051%

11/9/2024

18/9/2024

CVE-2024-8646: Eclipse Glassfish: URL redirection vulnerability to untrusted sites

First published: Wed Sep 11 2024(Updated: )

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').

Credit: emo@eclipse.org emo@eclipse.org

Affected Software	Affected Version	How to fix
maven/org.glassfish.main.web:web-core	<7.0.10	7.0.10
GlassFish	>=5.1.0<7.0.10

Remedy

https://github.com/eclipse-ee4j/glassfish/pull/24655

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-8646?
CVE-2024-8646 is classified as a medium severity vulnerability due to its potential for URL redirection to untrusted sites.
How do I fix CVE-2024-8646?
To mitigate the CVE-2024-8646 vulnerability, upgrade Eclipse Glassfish to version 7.0.10 or later.
Which versions of Eclipse Glassfish are affected by CVE-2024-8646?
Eclipse Glassfish versions prior to 7.0.10 are affected by CVE-2024-8646.
What causes the vulnerability CVE-2024-8646?
CVE-2024-8646 is caused by a URL redirection vulnerability that stems from an issue in the Apache code integrated into GlassFish.
Is CVE-2024-8646 related to any other vulnerabilities?
Yes, CVE-2024-8646 is related to CVE-2023-41080, which contributes to the URL redirection issue.

agent/weakness
agent/title
agent/type
agent/description
agent/first-publish-date
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-7gq2-vwq9-w8vw
alias/CVE-2024-8646
agent/software-canonical-lookup
agent/references
agent/author
collector/mitre-cve
source/MITRE
collector/github-advisory
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/event
collector/epss-latest
source/FIRST
agent/epss
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/maven
vendor/eclipse
canonical/glassfish
version/glassfish/5.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.