Update CVE-2024-9342 - fixed in GlassFish 8.0.3

CVE Publication Request

The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority.

Creating this ticket requests an update of the below referenced CVE:


CVE reservation ticket URL: #33 (closed)

Requested updates

Affected versions

  • 5.1.0
  • [6.0.0, 6.2.5]
  • [7.0.0, 7.0.25]
  • 7.1.0
  • [8.0.0, 8.0.3)

Description

In Eclipse GlassFish versions before 8.0.3, it is possible to perform Login Brute Force attacks, as there is no limit on the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection, documented at https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection.