CVE-2024-9329
- Reference to the description:
- Description:
- In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
- Last updated date:
- 10/07/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/07/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/07/2024
- Reference url to background
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232