cve/2024/CVE-2024-9329.md

### [CVE-2024-9329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9329)
![](https://img.shields.io/static/v1?label=Product&message=Glassfish&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.1.0%3C%3D%207.0.16%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-233%20%20Improper%20Handling%20of%20Parameters&color=brighgreen)

### Description

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

### POC

#### Reference
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232

#### Github
- https://github.com/Wala-Alnozmai/SVD-Benchmark
- https://github.com/oananbeh/LLM-Java-SVR-Benchmark