Vulnerability in Eclipse Glassfish Could Lead to Redirect to Untrusted Sites
CVE-2024-8646

6.1 MEDIUM

Key Information:

Vendor: Eclipse Foundation
Product: Eclipse Glassfish
CVE Published: 11 September 2024

Summary

In affected versions of Eclipse Glassfish (prior to 7.0.10), a URL redirection vulnerability allows attackers to redirect users to untrusted sites. The vulnerability is linked to an earlier issue in the Apache code used within GlassFish and specifically affects applications deployed to the root context ('/'). Developers and organizations using Glassfish should address this issue to protect against potential phishing attempts and unauthorized data access.

Affected Version(s)

Eclipse Glassfish 5.1.0 < 7.0.10

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database