CVE-2024-8646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8646
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/eclipse-ee4j/glassfish/pull/24655 Patch
https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 Vendor Advisory
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 Broken Link
https://glassfish.org/download Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*
History

18 Sep 2024, 20:20

Type Values Removed Values Added
References () https://github.com/eclipse-ee4j/glassfish/pull/24655 - () https://github.com/eclipse-ee4j/glassfish/pull/24655 - Patch
References () https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 - () https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 - Vendor Advisory
References () https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 - () https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 - Broken Link
References () https://glassfish.org/download - () https://glassfish.org/download - Product
Summary
  • (es) En las versiones de Eclipse Glassfish anteriores a la 7.0.10, existía una vulnerabilidad de redirección de URL a sitios no confiables. Esta vulnerabilidad es causada por la vulnerabilidad (CVE-2023-41080) en el código Apache incluido en GlassFish. Esta vulnerabilidad solo afecta a las aplicaciones que se implementan explícitamente en el contexto raíz ('/').
CPE cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*
First Time Eclipse glassfish
Eclipse

11 Sep 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-11 14:15

Updated : 2024-09-18 20:20

NVD link : CVE-2024-8646

Mitre link : CVE-2024-8646

CVE.ORG link : CVE-2024-8646

JSON object : View

Products Affected

eclipse

  • glassfish
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024