
A vulnerability found in Glassfish FormAuthenticator that can cause remote DoS attacks

Received on security ML @hhh123321:

Basic information

Project name: Eclipse Glassfish

Project id: ee4j.glassfish

What are the affected versions?

6.x, 7.x, 8.x

Details of the issue

I found a vulnerability in Glassfish FormAuthenticator recently which can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server's memory. The details and the PoC are included in the attachment. Please feel free to contact me if you have any questions about the vulnerability report. My GitHub account page is https://github.com/HRsGIT, which you can use to add me to a security advisory.

Glassfish_FormAuth.pdf

Edited by Thomas Neidhart