CVE-2024-9329
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Sep 30, 2024
Updated: Nov 21, 2024
CWE ID 601
CWE ID 233
Summary
CVE-2024-9329 is a vulnerability affecting Eclipse GlassFish versions prior to 7.0.17. This issue allows an attacker to manipulate the Host HTTP parameter in requests to the '/management/domain' endpoint. By doing so, they can induce the web application to redirect users to a malicious site. This poses a significant risk, as attackers could then launch phishing scams and potentially steal sensitive user credentials.
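A defender's check for the behaviour described in the summary, as an added example that is not part of the original advisory: it scans access-log records for requests to '/management/domain' whose Host header, or whose redirect target, falls outside an expected set. The JSON log format, field names, hostnames and allowlist are assumptions constructed for the illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: hostnames under which the admin interface is legitimately reached.
ALLOWED_HOSTS = {"glassfish-admin.example", "localhost"}
ENDPOINT = "/management/domain"  # endpoint named in the advisory

# Constructed sample records (not real traffic), one JSON object per line, in a
# hypothetical access-log format that records the Host header and Location.
SAMPLE_LOG = """\
{"path": "/management/domain", "host": "glassfish-admin.example:4848", "status": 200, "location": ""}
{"path": "/management/domain", "host": "unexpected.example", "status": 302, "location": "https://unexpected.example/management/domain"}
{"path": "/index.html", "host": "unexpected.example", "status": 200, "location": ""}
{"path": "/management/domain/", "host": "LOCALHOST:4848", "status": 302, "location": "/management/domain"}
{"path": "/management/domain?x=1", "host": "", "status": 400, "location": ""}
"""

def hostname(value):
    """Lower-cased hostname from a Host header value or a URL; '' if none."""
    text = value.strip()
    try:
        return (urlsplit(text if "//" in text else "//" + text).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""

def review(record):
    """Return the reasons a record deserves a look, or [] if there are none."""
    if urlsplit(record["path"]).path.rstrip("/") != ENDPOINT:
        return []
    reasons = []
    # A missing or unparsable Host is treated as unexpected as well.
    if hostname(record.get("host") or "") not in ALLOWED_HOSTS:
        reasons.append("unexpected Host header")
    # Relative Location values have no host and are not flagged.
    target = hostname(record.get("location") or "")
    if 300 <= record.get("status", 0) < 400 and target and target not in ALLOWED_HOSTS:
        reasons.append("redirect to unexpected host")
    return reasons

def scan(log_text):
    """Return (line_number, reasons) for every flagged record."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        if line.strip() and (reasons := review(json.loads(line))):
            findings.append((number, reasons))
    return findings

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```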
Affected Products
- Eclipse GlassFish
Affected Vendors
- Eclipse