In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Reserved 2024-09-29 | Published 2024-09-30 | Updated 2024-10-07 | Assigner eclipse
CWE-233 Improper Handling of Parameters
Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)
Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html)
Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html)
Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html)
Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)
github.com/eclipse-ee4j/glassfish/pull/25106
gitlab.eclipse.org/...ity/vulnerability-reports/-/issues/232