Update CVE-2024-9342 - fixed in GlassFish 8.0.3
CVE Publication Request
The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority.
Creating this ticket requests an update of the CVE referenced below:
CVE reservation ticket URL: #33 (closed)
Requested updates
Affected versions
- 5.1.0
- [6.0.0, 6.2.5]
- [7.0.0, 7.0.25]
- 7.1.0
- [8.0.0, 8.0.3)
Description
In Eclipse GlassFish versions before 8.0.3, login brute-force attacks are possible because there is no limit on the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection, documented at https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection.
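Added example (not part of the ticket or of GlassFish): a version check that reads the interval notation used in the affected-versions list above, including the exclusive upper bound on 8.0.3, and flags installed versions that fall inside it. The host names and inventory are constructed, and only plain numeric release versions are assumed; versions the ticket does not list are reported as not affected.

```python
import re

# Ranges copied from the ticket's "Affected versions" list.
AFFECTED = ["5.1.0", "[6.0.0, 6.2.5]", "[7.0.0, 7.0.25]", "7.1.0", "[8.0.0, 8.0.3)"]


def parse_version(text):
    """Turn '7.0.25' into (7, 0, 25). Assumption: numeric releases only."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 8.0 == 8.0.0


def parse_range(spec):
    """Return (low, high, low_inclusive, high_inclusive) for one list entry."""
    m = re.fullmatch(r"([\[(])([^,]+),([^,]+)([\])])", spec.strip())
    if m is None:  # a single version such as "7.1.0"
        v = parse_version(spec)
        return v, v, True, True
    return (parse_version(m.group(2)), parse_version(m.group(3)),
            m.group(1) == "[", m.group(4) == "]")


def is_affected(version, ranges=AFFECTED):
    """True if `version` falls inside any listed range."""
    v = parse_version(version)
    for spec in ranges:
        low, high, low_inc, high_inc = parse_range(spec)
        above = v > low or (low_inc and v == low)
        below = v < high or (high_inc and v == high)
        if above and below:
            return True
    return False


def audit(inventory):
    """Map host -> affected flag for a {host: version} inventory."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"app01": "7.0.25", "app02": "8.0.2", "app03": "8.0.3"}
    for host, hit in audit(sample).items():
        print(f"{host}: {'AFFECTED' if hit else 'not listed as affected'}")
```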