Product:

Glassfish

(Eclipse)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2023-01-27 CVE-2022-2712 In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. Glassfish 7.5
2023-11-03 CVE-2023-5763 In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners. Glassfish 9.8
2024-09-30 CVE-2024-9329 In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Glassfish 6.1
2024-09-11 CVE-2024-8646 In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). Glassfish 6.1