Products
Eclipse Glassfish
- before 7.0.17
Source
emo@eclipse.org
CVE-2024-9329 details
Published : Sept. 30, 2024, 8:15 a.m.
Last Modified : Sept. 30, 2024, 12:45 p.m.
Description
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Weakness
Weakness | Name | Description |
---|---|---|
CWE-233 | Improper Handling of Parameters | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. |
References
URL | Source |
---|---|
https://github.com/eclipse-ee4j/glassfish/pull/25106 | emo@eclipse.org |
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232 | emo@eclipse.org |