CVE-2024-8646

CVSS V2 None CVSS V3 None

Description

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').

Overview

CVE ID
CVE-2024-8646

Assigner
eclipse

Vulnerability Status
PUBLISHED

Published Version
2024-09-11T13:26:47.468Z

Last Modified Date
2024-09-11T13:40:06.290Z

Weakness Enumerations

CWE	URL
CWE-601	http://cwe.mitre.org/data/definitions/601.html

References

Reference URL	Reference Tags
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163
https://gitlab.eclipse.org/security/cve-assignement/-/issues/34
https://github.com/eclipse-ee4j/glassfish/pull/24655
https://glassfish.org/download

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-8646
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8646

History

Created	Old Value	New Value	Data Type	Notes
2024-09-12 13:06:10				Added to TrackCVE