CVE-2024-9329 MEDIUM

CVE-2024-9329: Glassfish redirect to untrusted site

Vendor Eclipse Foundation
Product Glassfish
Weakness CWE-233
Published September 30, 2024
Last update October 7, 2024

CVSS 4.0 base score

6.9/10 (Medium)
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low
Availability None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

In Eclipse Glassfish versions before 7.0.17, a request to the '/management/domain' endpoint is answered with a redirect whose target URL is built from the value of the request's HTTP Host header. An attacker who can control that header value can therefore make the server redirect the user to a site of the attacker's choosing and use that redirect for a phishing page that collects the user's credentials. Because the target comes from the Host header rather than from a URL parameter, the attacker needs a way to get a forged Host value in front of the server (for example a proxy or cache that forwards arbitrary Host headers); a link clicked in a browser sends the real host name. Upgrading to 7.0.17 or later removes the behaviour.
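How a practitioner could check an instance for this behaviour, and what the server-side fix pattern looks like, as an added example (Python; this is not GlassFish's own code and not part of the advisory). The host names, the forged Host value 'evil.example', the sample responses and the default admin port used in probe() are assumptions made for illustration; redirect_follows_host() and safe_redirect_location() run offline against the constructed responses, while probe() needs a live listener.

```python
"""Check whether an HTTP redirect echoes the request's Host header into its target.

Added example for the Host-header redirect described above; it is not GlassFish
code and not part of the original advisory.  Host names, ports and the sample
responses below are constructed for illustration.
"""
import http.client
from urllib.parse import urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def redirect_follows_host(host_sent: str, status: int, headers: dict) -> bool:
    """True if the response is a redirect whose authority equals the Host we sent.

    A relative Location (no scheme/host) is resolved by the browser against the
    host it really connected to, so it does not count as attacker-controlled.
    """
    if status not in REDIRECT_STATUSES:
        return False
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if not location:
        return False
    parts = urlsplit(location)
    if not parts.scheme or not parts.netloc:
        return False
    return parts.netloc.lower() == host_sent.lower()


def safe_redirect_location(host_header: str, path: str,
                           allowed_hosts: set, canonical_host: str) -> str:
    """Server-side pattern that avoids the flaw: trust Host only if allow-listed.

    Anything not in allowed_hosts falls back to the configured canonical host,
    so a forged Host header can never choose the redirect target.  Emitting a
    path-only Location (no scheme or host) is an equally valid alternative.
    """
    host = host_header.strip().lower()
    target = host if host in allowed_hosts else canonical_host
    return f"http://{target}{path}"


def probe(server: str, port: int = 4848, forged_host: str = "evil.example",
          path: str = "/management/domain") -> bool:
    """Live check against an admin listener (4848 is GlassFish's default admin port).

    Sends one GET with a forged Host header and reports whether the server's
    redirect follows it.  Needs network access; the offline checks below use
    the constructed responses instead.
    """
    conn = http.client.HTTPConnection(server, port, timeout=10)
    try:
        # Supplying our own Host header makes http.client skip its automatic one.
        conn.request("GET", path, headers={"Host": forged_host})
        resp = conn.getresponse()
        return redirect_follows_host(forged_host, resp.status, dict(resp.getheaders()))
    finally:
        conn.close()


# Constructed sample responses (hypothetical; not captured from a real server).
VULNERABLE_RESPONSE = (302, {"Location": "http://evil.example/management/domain/"})
FIXED_RESPONSE = (302, {"Location": "http://glassfish.internal:4848/management/domain/"})
RELATIVE_RESPONSE = (302, {"Location": "/management/domain/"})


if __name__ == "__main__":
    for name, (status, hdrs) in [("vulnerable", VULNERABLE_RESPONSE),
                                 ("fixed", FIXED_RESPONSE),
                                 ("relative", RELATIVE_RESPONSE)]:
        print(name, redirect_follows_host("evil.example", status, hdrs))
    print(safe_redirect_location("evil.example", "/management/domain/",
                                 {"glassfish.internal:4848"}, "glassfish.internal:4848"))
```

A server that answers the forged-Host request with a Location pointing at 'evil.example' exhibits the behaviour the advisory describes; one that keeps its own host name, or returns a path-only Location, does not. The allow-list in safe_redirect_location() is the general form of the fix: the redirect authority comes from configuration, never from the request.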

Key dates

Disclosure timeline

September 30, 2024 CVE published
October 7, 2024 Record updated