Glassfish redirect to untrusted site

The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority. This issue it used to request and track the progress of the assignment of a CVE for a vulnerability in the project code for an Eclipse open source project.

Basic information

Project name: Glassfish

Project id:

Request type: reservation

Versions affected: 5.1.0 to 7.0.16 (included)

Common Weakness Enumeration:

• CWE-233: Improper Handling of Parameters

Common Vulnerability Scoring System: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Summary:

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Credits:

• (1) First Name: Marco - Last Name: Ventura
• (2) First Name: Claudia - Last Name: Bartolini
• (3) First Name: Andrea Carlo Maria - Last Name: Dattola
• (4) First Name: Debora - Last Name: Esposito
• (5) First Name: Massimiliano - Last Name: Brolli

Links:

• https://github.com/eclipse-ee4j/glassfish/pull/25106
• vulnerability-reports#232 (closed)

Tracking

This section will completed by the project team.

• Reserve an entry only
• We're ready for this issue to be reported to the central authority (i.e., make this public now)
• (when applicable) The GitHub Security Advisory is ready to be published now

Note that for those projects that host their repositories on GitHub, the use of GitHub Security Advisories is recommended but is not required.

This section will be completed by the EMO.

CVE: {cve}

• All required information is provided
• CVE Assigned
• Pushed to Mitre
• Accepted by Mitre

assigned to @hsawamura, @smillidge, @dmisingname3q2, @redteamtim, @mbarbero, and @mrybczyn

@hsawamura @smillidge @dmisingname3q2 @redteamtim could you review the information I propose for the entry ?

changed the description

mentioned in issue vulnerability-reports#232 (closed)

Hi @mrybczyn, the following link is not about us.

• https://github.com/eclipse-ee4j/glassfish/pull/25106

can you add this correct link?

• https://www.gruppotim.it/it/footer/red-team.html

Thank you

Links in the CVE entry are always about the issue itself.

We can add a link to the credits section, how would you prefer it to be formatted, something like Marco Ventura (Redteam https://www.gruppotim.it/it/footer/red-team.html) ?

Hello @mrybczyn, only the link for us would be fine.

Thank you

changed the description

Hello @mrybczyn, could you give us the CVE-ID that you reserved for this vulnerability, please? In addition, we are wondering if you could proceed to reserve the CVE-ID for the other vulnerabilities reported previously.

Thank you and best regards

Hello @mrybczyn, could you give us the CVE-ID that you reserved for this vulnerability, please?

changed the description

Sorry for the mismatch, we're using CVE-2024-9329 for this one

added cvereserved label

marked the checklist item CVE Assigned as completed

added cvepublished label and removed cvereserved label

The CVE has been published, removing confidentiality from the ticket

closed

made the issue visible to everyone

Hi @mrybczyn , please may you add our official istitutional site (https://www.gruppotim.it/it/footer/red-team.html) in the CVE-2024-9329? thank you and best regards