CVE-2024-9329

Glassfish redirect to untrusted site

In Eclipse GlassFish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.


We have discovered 164 live websites that are affected by CVE-2024-9329.

Affected Software

Product                    GlassFish
Category                   Web Servers
Vulnerable Versions
  • from 5.1 through 7.0.16
Vulnerable Versions Count  14 versions (35.90% of all versions)
Vulnerable Domains         164 live websites (10.31% of GlassFish install base)


Common Weakness Enumeration

CWE-233 Improper Handling of Parameters



Details

  • Published - Sep 30, 2024
  • Updated - Sep 30, 2024

Credits

  • Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html) (finder)
  • Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html) (finder)
  • Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html) (finder)
  • Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html) (finder)
  • Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html) (finder)

CVE-2024-9329 usage by Country

  • United States: 17 websites
  • GB: 61 websites
  • Panama: 27 websites
  • Czech Republic: 9 websites
  • Brazil: 6 websites
  • Germany: 5 websites
  • Spain: 5 websites
  • France: 5 websites
  • European Union: 3 websites
  • Finland: 3 websites

CVE-2024-9329 usage by TLD

  • .com: 53 websites
  • .net: 34 websites
  • .co.uk: 19 websites
  • .cz: 9 websites
  • .com.br: 5 websites
  • .org: 4 websites
  • .dk: 3 websites
  • .fr: 3 websites
  • .info: 3 websites
  • .be: 2 websites

FAQ

CVE-2024-9329 is an Improper Handling of Parameters vulnerability in GlassFish.
A total of 164 websites have been identified as vulnerable to CVE-2024-9329, discovered through global website indexing conducted by WebTechSurvey.
GlassFish is susceptible to the CVE-2024-9329 vulnerability.
GlassFish versions up to and including 7.0.16 are vulnerable to CVE-2024-9329.