CVE-2024-8646

Name of the Vulnerable Software and Affected Versions Eclipse Glassfish versions prior to 7.0.10

Description A URL redirection issue to untrusted sites exists, caused by a vulnerability in the included Apache code. This issue only affects applications explicitly deployed to the root context ('/'). The vulnerability can be exploited to redirect users to an arbitrary URL address.

Recommendations For Eclipse Glassfish versions prior to 7.0.10, update to version 7.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to applications deployed to the root context ('/') until the update is applied.