In Eclipse GlassFish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By changing the URL value to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
We have discovered 164 live websites that are affected by CVE-2024-9329.
Product | GlassFish |
Category | Web Servers |
Vulnerable Versions | |
Vulnerable Versions Count | 14 versions (35.90% of all versions) |
Vulnerable Domains | 164 live websites (10.31% of GlassFish install base) |
United States | 17 websites |
GB | 61 websites |
Panama | 27 websites |
Czech Republic | 9 websites |
Brazil | 6 websites |
Germany | 5 websites |
Spain | 5 websites |
France | 5 websites |
European Union | 3 websites |
Finland | 3 websites |
.com | 53 websites |
.net | 34 websites |
.co.uk | 19 websites |
.cz | 9 websites |
.com.br | 5 websites |
.org | 4 websites |
.dk | 3 websites |
.fr | 3 websites |
.info | 3 websites |
.be | 2 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
****.com | United States | ***,*** | |
***.***.cz | Czech Republic | ***,*** | |
*****.***.gov | United States | ***,*** | |
*****.net | GB | ***,*** | |
******.org | United States | ***,*** | |
**********.com | Germany | *,***,*** | |
*********.be | Belgium | *,***,*** | |
********.com | Austria | *,***,*** | |
****************.dk | Denmark | *,***,*** | |
********.tn | Tunisia | *,***,*** | |