CVE-2024-9329

6.1 MEDIUM

📋 TL;DR

This vulnerability in Eclipse Glassfish allows attackers to redirect users to malicious websites via a manipulated HTTP Host header when accessing the '/management/domain' endpoint. This enables phishing attacks to steal credentials. Organizations using Glassfish versions before 7.0.17 are affected.

💻 Affected Systems

Products:
  • Eclipse Glassfish
Versions: All versions before 7.0.17
Operating Systems: All operating systems running Glassfish
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the '/management/domain' endpoint accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Successful phishing campaign leading to credential theft, account compromise, and potential lateral movement within the network.

🟠 Likely Case

Credential harvesting from users who follow the malicious redirect, potentially leading to unauthorized access to the Glassfish management interface.

🟢 If Mitigated

Limited impact if users are trained to recognize phishing attempts and multi-factor authentication is enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the vulnerable endpoint but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.17

Vendor Advisory: https://github.com/eclipse-ee4j/glassfish/pull/25106

Restart Required: Yes

Instructions:

1. Download Glassfish 7.0.17 or later from official sources.
2. Stop the Glassfish server.
3. Back up configuration and deployed applications.
4. Install the updated version.
5. Restore configuration and applications.
6. Restart the server.

🔧 Temporary Workarounds

Restrict access to management endpoint

Platform: Linux

Block external access to the '/management/domain' endpoint using firewall rules or web server configuration. In the rules below, trusted_network is a placeholder for the administrative source range (a host or CIDR block); because -A appends rules in order, the ACCEPT rule must be added before the DROP rule.

iptables -A INPUT -p tcp --dport 4848 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 4848 -j DROP

Implement reverse proxy validation

Platform: All

Configure the reverse proxy to validate and sanitize Host headers before forwarding to Glassfish.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Glassfish servers from user networks
  • Deploy web application firewall rules to detect and block malicious redirect attempts

🔍 How to Verify

Check if Vulnerable:

Check Glassfish version via admin console or command: asadmin version

Check Version:

asadmin version

Verify Fix Applied:

Confirm version is 7.0.17 or later using: asadmin version
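A scripted version gate for the check above, added here as an example rather than vendor tooling. It assumes only that the asadmin version output contains a dotted major.minor.patch string somewhere in its text; the banner wording in the sample values is constructed, not copied from a real server. Comparing as integer tuples matters because a plain string comparison would rank 7.0.9 above 7.0.17.

```python
import re
from typing import Optional, Tuple

# Fixed release per the advisory: 7.0.17; anything earlier is affected.
FIXED_VERSION = (7, 0, 17)

# Matches the first dotted version, allowing two or three numeric components.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract major.minor.patch from `asadmin version` output as integers.

    A missing patch component is treated as 0 so "7.0" compares as 7.0.0.
    Returns None when no version is present, which callers treat as unverified.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_patched(banner: str) -> bool:
    """True only when the reported version is 7.0.17 or later."""
    version = parse_version(banner)
    return version is not None and version >= FIXED_VERSION


# Constructed sample banners (wording is assumed, not copied from a real server),
# mapped to the expected verdict.
SAMPLE_BANNERS = {
    "Version = Eclipse GlassFish 7.0.9": False,
    "Version = Eclipse GlassFish 7.0.17": True,
    "Version = Eclipse GlassFish 7.0.20": True,
    "Version = Eclipse GlassFish 6.2.5": False,
    "Command version failed.": False,
}

if __name__ == "__main__":
    # Pipe real output in instead: asadmin version | python3 version_gate.py
    for banner in SAMPLE_BANNERS:
        print(f"{'patched' if is_patched(banner) else 'AFFECTED':9} {banner}")
```

Output that contains no version at all is reported as affected rather than silently passing, so a failed asadmin invocation never reads as a clean result.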

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to '/management/domain' with unusual Host headers
  • Multiple redirect responses from the management endpoint

Network Indicators:

  • Unusual outbound connections from Glassfish server following management endpoint access

SIEM Query:

source="glassfish.log" AND (url_path="/management/domain" AND (host_header CONTAINS "malicious" OR status_code=302))
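The Host-header validation that the reverse-proxy workaround calls for and the two log indicators above share one piece of logic: deciding whether a Host value belongs to this deployment. The following is an added example, not code from the Glassfish project or from this advisory. The allowlist in TRUSTED_HOSTS, the log format (a combined-style access log assumed to carry the Host header as a final quoted field) and the sample log lines are all constructed for illustration.

```python
"""Host-header allowlist check (proxy side) and access-log triage for
requests to /management/domain. Added example; not Glassfish project code."""
import re
from typing import Iterable, List, Optional

# Hostnames this deployment legitimately answers on (assumption: operator-supplied).
TRUSTED_HOSTS = {"glassfish-admin.example.internal", "10.0.5.20"}


def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Reduce a raw Host header to a lowercase hostname without port.

    Handles "host:port", bracketed IPv6 "[::1]:4848" and trailing dots.
    Returns None for empty or malformed values so callers treat them as untrusted.
    """
    if not host_header:
        return None
    value = host_header.strip().lower()
    if value.startswith("["):                      # IPv6 literal, optionally with port
        end = value.find("]")
        return value[1:end] if end > 1 else None
    # One colon separates host and port; more than one means a malformed value
    if value.count(":") == 1:
        value = value.split(":", 1)[0]
    elif value.count(":") > 1:
        return None
    value = value.rstrip(".")
    # Only DNS-label characters or an IPv4 literal are acceptable
    if not re.fullmatch(r"[a-z0-9.-]+", value):
        return None
    return value


def is_trusted_host(host_header: Optional[str], trusted: Iterable[str] = TRUSTED_HOSTS) -> bool:
    """Proxy-side check: forward a request only if its Host header is allowlisted."""
    host = normalize_host(host_header)
    return host is not None and host in {h.lower() for h in trusted}


# Constructed access-log lines (not real Glassfish output); the Host header is
# assumed to be appended as the last quoted field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<host>[^"]*)"$'
)

SAMPLE_LOG = """\
10.0.5.9 - - [01/Oct/2024:10:00:01 +0000] "GET /management/domain HTTP/1.1" 200 512 "glassfish-admin.example.internal:4848"
203.0.113.7 - - [01/Oct/2024:10:00:05 +0000] "GET /management/domain HTTP/1.1" 302 0 "attacker-controlled.example:4848"
203.0.113.7 - - [01/Oct/2024:10:00:06 +0000] "GET /management/domain HTTP/1.1" 302 0 "attacker-controlled.example"
10.0.5.9 - - [01/Oct/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "glassfish-admin.example.internal"
10.0.5.9 - - [01/Oct/2024:10:00:12 +0000] "GET /management/domain/ HTTP/1.1" 302 0 "glassfish-admin.example.internal"
"""


def find_suspicious_requests(log_text: str, trusted: Iterable[str] = TRUSTED_HOSTS) -> List[dict]:
    """Flag /management/domain requests with an untrusted Host or a redirect response.

    These are the two log indicators listed on the page: an unusual Host header
    (here: not on the allowlist) and redirect (3xx) responses from the endpoint.
    """
    trusted = set(trusted)
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                # unparseable line, skip
        path = m.group("path").split("?", 1)[0]
        if not path.startswith("/management/domain"):
            continue
        untrusted = not is_trusted_host(m.group("host"), trusted)
        redirected = m.group("status").startswith("3")
        if untrusted or redirected:
            reasons = [r for r, hit in (("untrusted-host", untrusted), ("redirect", redirected)) if hit]
            findings.append({"src": m.group("src"), "host": m.group("host"),
                             "status": int(m.group("status")), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The proxy-side check treats an empty, malformed or unlisted Host as untrusted, so a request that would feed an attacker-chosen value into the redirect never reaches Glassfish. The log triage reuses the same check, so the "unusual Host header" indicator means "not on the allowlist" rather than a keyword match, and a redirect to an allowlisted host (the last sample line) is still surfaced for review.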
