CVE-2024-9329

Sept. 30, 2024, 12:45 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Eclipse Glassfish

  • before 7.0.17

Source

emo@eclipse.org

CVE-2024-9329 details

Published : Sept. 30, 2024, 8:15 a.m.
Last Modified : Sept. 30, 2024, 12:45 p.m.

Description

In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Weakness

Weakness: CWE-233
Name: Improper Handling of Parameters
Description: The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.