Approved changes feed: RSS · Atom
cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Eclipse Foundation (2c315c48-0111-5572-bbde-cc70cfafb2e9) |
|---|---|
| Product | Glassfish (841970d5-afdf-5f96-9d8c-379d4a2b9bb5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9329 |
vulnerable | 2026-06-03 14:58:21.023280 |
Glassfish redirect to untrusted site
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Published: 2024-09-30T07:11:53.688Z
Updated: 2024-10-07T15:59:12.662Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5763 |
vulnerable | 2026-06-03 14:53:49.573865 |
Glassfish remote code execution
MEDIUM (6.8)
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Published: 2023-11-03T06:40:43.441Z
Updated: 2024-09-05T19:04:31.768Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.