CVE-2024-9329 Information

Description

In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is ‘/management/domain’. By modifying the URL value to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Reference

https://github.com/eclipse-ee4j/glassfish/pull/25106
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232
