In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Eclipse
Eclipse glassfish |
|
Weaknesses | CWE-601 | |
CPEs | cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:* | |
Vendors & Products |
Eclipse
Eclipse glassfish |
|
Metrics |
cvssV3_1
|
Mon, 30 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Eclipse Foundation
Eclipse Foundation glassfish |
|
CPEs | cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:* | |
Vendors & Products |
Eclipse Foundation
Eclipse Foundation glassfish |
|
Metrics |
ssvc
|
Mon, 30 Sep 2024 07:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |
Title | Glassfish redirect to untrusted site | |
Weaknesses | CWE-233 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2024-09-30T07:11:53.688Z
Updated: 2024-10-07T15:59:12.662Z
Reserved: 2024-09-29T16:38:56.846Z
Link: CVE-2024-9329
Vulnrichment
Updated: 2024-10-07T15:59:12.662Z
NVD
Status : Analyzed
Published: 2024-09-30T08:15:05.690
Modified: 2024-10-07T15:52:47.267
Link: CVE-2024-9329
Redhat
No data.