GHSA-jq3f-mfmg-747x

Опубликовано: 30 сент. 2024

Источник: github

Github: Прошло ревью

CVSS4: 6.9

CVSS3: 5.3

Описание

Eclipse Glassfish improperly handles http parameters

In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is /management/domain. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Ссылки

Пакеты

Наименование

org.glassfish.main.admin:rest-service

maven

Затронутые версииВерсия исправления

< 7.0.17

7.0.17

EPSS

Процентиль: 63%

0.00442

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

CVE-2024-9329

Дефекты

CWE-233

CWE-601

Связанные уязвимости

CVE-2024-9329

CVSS3: 6.1

nvd

больше 1 года назад

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

EPSS

Процентиль: 63%

0.00442

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

CVE-2024-9329

Дефекты

CWE-233

CWE-601