CVE-2024-10032
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in Eclipse GlassFish 7.0.15 allows attackers to inject malicious scripts into the administration console. When administrators view compromised pages, attackers can steal session cookies, perform actions as the administrator, or deface the interface. Only systems running the vulnerable GlassFish version with the administration console enabled are affected.
💻 Affected Systems
- Eclipse GlassFish
📦 What is this software?
Eclipse GlassFish, the Eclipse Foundation's open-source Jakarta EE application server.
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over GlassFish server, allowing deployment of malicious applications, data theft, server compromise, and lateral movement to connected systems.
Likely Case
Session hijacking leading to unauthorized administrative actions, configuration changes, or data exfiltration from the administration interface.
If Mitigated
Limited impact if proper network segmentation, admin console access restrictions, and content security policies are implemented.
🎯 Exploit Status
Exploitation requires that the attacker can submit input to the admin console's input fields. Because the XSS is stored, the payload persists until it is removed from the affected configuration or content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.0.16 or later
Vendor Advisory: https://gitlab.eclipse.org/security/cve-assignement/-/issues/42
Restart Required: Yes
Instructions:
1. Download GlassFish 7.0.16 or later from Eclipse downloads
2. Stop GlassFish server
3. Backup configuration and deployed applications
4. Install updated version
5. Restore configuration if needed
6. Start GlassFish server
🔧 Temporary Workarounds
Disable Administration Console
Remove or restrict access to the admin console if it is not required. The first command turns off secure admin, after which GlassFish accepts administrative requests only from localhost; the second disables the admin listener outright, taking the console offline:
asadmin disable-secure-admin
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.enabled=false
Implement Content Security Policy
Add CSP headers to restrict where scripts may be loaded and executed from. Note that the web.xml fragment below does not set a CSP header: it is a transport guarantee that forces the admin console onto HTTPS, which protects the session cookie in transit but does not stop a stored script from running. A Content-Security-Policy header has to be added by a servlet filter or by a reverse proxy in front of the console.
Add to web.xml: <security-constraint><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint></security-constraint>
🧯 If You Can't Patch
- Restrict admin console access to specific IP addresses using firewall rules
- Implement web application firewall with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check the installed GlassFish version: asadmin version | grep 'Version'
If the reported version is 7.0.15, the installation is vulnerable.
Verify Fix Applied:
Confirm the reported version is 7.0.16 or higher: asadmin version
📡 Detection & Monitoring
Log Indicators:
- Unusual admin console activity patterns
- Multiple failed login attempts followed by successful login
- Suspicious input patterns in admin console logs
Network Indicators:
- Unusual outbound connections from the admin console host
- Requests with suspicious script tags or JavaScript in parameters
SIEM Query:
source="glassfish.log" AND ("script" OR "javascript:" OR "onload=" OR "onerror=")
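As an added example (not from the original page or from Eclipse), this Python script applies the SIEM query's indicator terms to constructed GlassFish-style log lines, decoding percent- and HTML-entity-encoded input before matching, since a keyword query over the raw line misses encoded payloads. The log layout, request paths and 10.0.0.x addresses are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Indicator terms taken from the SIEM query above, with the bare word
# "script" narrowed to "<script" (the bare term also matches words such
# as "description") plus one extra event handler (assumption: tune the
# list for your environment).
INDICATORS = ("<script", "javascript:", "onload=", "onerror=", "onmouseover=")

# Constructed sample records shaped like GlassFish server.log lines
# (assumption: the exact layout on your install may differ).
SAMPLE_LOG = [
    "[2024-10-15T10:01:02.123+0000] [glassfish 7.0] [INFO] [] [javax.enterprise.system.core] [tid: _ThreadID=30] [timeMillis: 0] [levelValue: 800] [[ app1 was successfully deployed in 1,250 milliseconds. ]]",
    "[2024-10-15T10:02:10.456+0000] [glassfish 7.0] [INFO] [] [admin] [tid: _ThreadID=31] [timeMillis: 0] [levelValue: 800] [[ POST /management/domain/resources/jdbc-resource?description=%3Cscript%3Ealert(1)%3C%2Fscript%3E from 10.0.0.9 ]]",
    "[2024-10-15T10:03:44.789+0000] [glassfish 7.0] [INFO] [] [admin] [tid: _ThreadID=31] [timeMillis: 0] [levelValue: 800] [[ POST /management/domain/configs/config/server-config/property?value=%26lt%3Bimg%20src%3Dx%20onerror%3Dalert(1)%26gt%3B from 10.0.0.9 ]]",
    "[2024-10-15T10:05:01.000+0000] [glassfish 7.0] [INFO] [] [admin] [tid: _ThreadID=32] [timeMillis: 0] [levelValue: 800] [[ GET /management/domain/resources/jdbc-resource/jdbc__default?description=primary%20pool from 10.0.0.5 ]]",
    "[2024-10-15T10:06:12.321+0000] [glassfish 7.0] [INFO] [] [admin] [tid: _ThreadID=31] [timeMillis: 0] [levelValue: 800] [[ POST /management/domain/applications/application?contextroot=javascript%3Aalert(1) from 10.0.0.9 ]]",
]


def normalize(text):
    """Undo the encodings a payload is usually wrapped in before matching.

    Percent-decoding runs twice to catch double-encoded input, HTML
    entities are unescaped, whitespace is collapsed and case is folded.
    """
    decoded = html.unescape(unquote(unquote(text)))
    return re.sub(r"\s+", " ", decoded).lower()


def find_indicators(line):
    """Return the indicator terms present in one log line after normalization."""
    norm = normalize(line)
    return [term for term in INDICATORS if term in norm]


def scan(lines):
    """Return (line_number, matched_terms) for every line that trips an indicator."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = find_indicators(line)
        if found:
            hits.append((number, found))
    return hits


if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(found)}")
```

Line 4 contains the word "description" and is correctly not flagged, which the page's bare "script" term would have matched.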