CVE-2024-9329: Glassfish redirect to untrusted site
First published: Mon Sep 30 2024(Updated: )
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Credit: emo@eclipse.org emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.glassfish.main.admin:rest-service | <7.0.17 | 7.0.17 |
| Eclipse GlassFish | <7.0.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/eclipse-ee4j/glassfish/pull/25106
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232
- https://nvd.nist.gov/vuln/detail/CVE-2024-9329
- https://github.com/eclipse-ee4j/glassfish/commit/6ca35eee2ba90a8108984b27bec33f9cc50cd83b
- https://github.com/advisories/GHSA-jq3f-mfmg-747x (Advisory)
- agent/title
- agent/type
- agent/first-publish-date
- agent/references
- agent/description
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jq3f-mfmg-747x
- alias/CVE-2024-9329
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-cve
- collector/github-advisory
- agent/event
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/trending
- vendor/eclipse
- canonical/eclipse glassfish
- package-manager/maven