Eclipse Glassfish <7.0.17 HTTP Host Param Redirect Phish
CVE-2024-9329 Published on September 30, 2024
Glassfish redirect to untrusted site
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Weakness Type
Improper Handling of Parameters
The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
Products Associated with CVE-2024-9329
Want to know whenever a new CVE is published for Eclipse Glassfish? stack.watch will email you.
Affected Versions
Eclipse Foundation Glassfish:- Version 5.1.0, <= 7.0.16 is affected.
- Version 5.1.0, <= 7.0.16 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.