PT-2024-39578 · Eclipse · Eclipse Glassfish

Author: Andrea Carlo Maria Dattola (+4)
Published: 2024-09-30
Updated: 2024-10-07
CVE: CVE-2024-9329
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Eclipse Glassfish versions prior to 7.0.17

Description: The Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is "/management/domain". By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Recommendations: For Eclipse Glassfish versions prior to 7.0.17, as a temporary workaround, consider restricting access to the "/management/domain" endpoint until a patch is available. Avoid using the Host HTTP parameter in the affected endpoint to minimize the risk of exploitation. Update to version 7.0.17 or later to resolve the issue.
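The recommendation not to derive the redirect target from the client-supplied Host value, shown as an added example that is not GlassFish code: the vulnerable pattern the advisory describes (the Host value echoed into the Location header) beside a hardened builder that only accepts hosts from a configured allowlist and otherwise falls back to a canonical host. The allowlist, canonical host and host-name regex are assumptions for the example.

```python
"""Added example (not Eclipse GlassFish code): open-redirect pattern vs. hardened form."""
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed configuration: the hosts this server is legitimately reachable as.
ALLOWED_HOSTS = {"glassfish.internal.example:4848", "admin.internal.example"}
CANONICAL_HOST = "glassfish.internal.example:4848"
DEFAULT_PATH = "/management/domain/"
_HOST_RE = re.compile(r"^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?(?::\d{1,5})?$")


def vulnerable_redirect(request_host: str, path: str = DEFAULT_PATH) -> str:
    """Pattern the advisory describes: whatever the client sent as Host lands in Location."""
    return f"https://{request_host}{path}"


def normalize_host(raw: str) -> Optional[str]:
    """Return a lower-cased host[:port], or None if the value is not a plain host."""
    candidate = raw.strip().lower()
    if not _HOST_RE.match(candidate):
        return None  # rejects userinfo ('@'), paths ('/'), whitespace, empty values
    parts = urlsplit("//" + candidate)  # a second opinion from the URL parser
    if parts.netloc != candidate or parts.username or parts.path:
        return None
    return candidate


def safe_redirect(request_host: str, path: str = DEFAULT_PATH) -> str:
    """Build Location from an allowlisted host; never from an unverified Host value."""
    host = normalize_host(request_host)
    if host is None or host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST  # unknown or malformed Host: fall back, do not echo it
    # A path that is absolute-URL-like ("//evil") would also turn into a redirect target.
    if not path.startswith("/") or path.startswith("//"):
        path = DEFAULT_PATH
    return f"https://{host}{path}"


if __name__ == "__main__":
    print(vulnerable_redirect("attacker.example"))  # echoes the client-controlled host
    print(safe_redirect("attacker.example"))         # lands on the canonical host instead
```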

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2024-9329
GHSA-JQ3F-MFMG-747X

Affected Products

Eclipse Glassfish