CVE-2024-9329
EUVD-2024-282730.09.2024, 08:15
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| eclipse_foundation | glassfish | 7.0.16 ≤ 𝑥 ≤ 7.0.16 |
| eclipse | glassfish | 𝑥 < 7.0.17 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-233 - Improper Handling of ParametersThe software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.