Eclipse: >> Glassfish >> 7.0.5 Security Vulnerabilities
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-09-30
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.
This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.
This vulnerability only affects applications that are explicitly deployed to the root context ('/').
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-11