Glassfish SSRF vulnerability in /download/log endpoint

Basic information

Project name: Glassfish

Project id: ee4j.glassfish

What are the affected versions?

[6.2.5 - ?]

Details of the issue

I discovered an SSRF vulnerability in the Glassfish 6.2.5 product. Its details:

Vulnerable path: https://[targetexample]:4848/download/log/?contentSourceId=LogViewer&start=56783&instanceName=server&restUrl=https%3A%2F%2Flocalhost%3A4848%2Fmanagement%2Fdomain

Vulnerable parameter: restUrl

OS: Ubuntu 22.04

Payload: https%3A%2F%2Flocalhost%3A4848

The specified vulnerable parameter (restUrl) causes the SSRF vulnerability. In this way, an attacker can obtain critical and sensitive service information about the system, such as by port scanning. Or he can direct the server to other resources within the network. This situation is shown in order below.

(four screenshots attached to the original report)
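The report's root cause is a request parameter (restUrl) whose value the server fetches without restricting where it may point. As an added illustration, not Glassfish code and not part of the original report, the following Python function shows the defensive check such a parameter needs: the decoded URL must use https, carry no userinfo, and name a host on an explicit allowlist, with loopback and other non-public literal addresses refused outright. The allowlist entry `api.example.internal` and the helper name `is_allowed_rest_url` are assumptions for this example.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

# Assumed allowlist of hosts the server is permitted to contact on behalf of
# a client. Exact hostnames only; no wildcards, no IP literals.
ALLOWED_HOSTS = {"api.example.internal"}


def is_allowed_rest_url(raw_url, allowed_hosts=ALLOWED_HOSTS):
    """Validate a client-supplied URL before the server fetches it.

    Returns (ok, reason). The check runs on the decoded value, i.e. the same
    string the application would hand to its HTTP client, so that encoding
    tricks cannot make the validator and the fetcher disagree.
    """
    url = unquote(raw_url)  # the parameter arrives URL-encoded, as in the report
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"

    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo is not permitted"

    host = parts.hostname
    if not host:
        return False, "missing host"

    # A literal IP address is never acceptable; classify it so the reason is
    # useful in logs (loopback covers the report's localhost:4848 case when
    # written as 127.0.0.1 or [::1]).
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.is_loopback:
            return False, f"literal address {ip} is loopback"
        if ip.is_private or ip.is_link_local or ip.is_reserved or ip.is_unspecified:
            return False, f"literal address {ip} is not a public address"
        return False, f"literal address {ip} is not on the allowlist"

    if host.lower() == "localhost" or host.lower().endswith(".localhost"):
        return False, "localhost is not permitted"

    # Hostnames must match the allowlist exactly; substring or suffix matching
    # is a classic bypass (e.g. api.example.internal.attacker.tld).
    if host.lower() not in allowed_hosts:
        return False, f"host {host!r} is not on the allowlist"

    if port is not None and port != 443:
        return False, f"port {port} is not permitted"
    return True, "ok"


if __name__ == "__main__":
    # The payload from the report, still URL-encoded as it appears in restUrl.
    samples = [
        "https%3A%2F%2Flocalhost%3A4848%2Fmanagement%2Fdomain",
        "https://127.0.0.1:4848/management/domain",
        "https://api.example.internal@localhost:4848/",
        "http://api.example.internal/management/domain",
        "https://api.example.internal/management/domain",
    ]
    for s in samples:
        ok, why = is_allowed_rest_url(s)
        print(f"{'ALLOW' if ok else 'DENY '} {s}  ({why})")
```

Note that an exact-hostname allowlist does not by itself defend against DNS rebinding; the HTTP client should also check the resolved address at connection time, or the allowlisted names should resolve only through a controlled resolver.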
