CVE-2024-9342
📋 TL;DR
CVE-2024-9342 allows attackers to perform unlimited brute-force login attempts against Eclipse GlassFish servers, potentially compromising administrator or user accounts. This affects all deployments using GlassFish 7.0.16 or earlier with authentication enabled. The vulnerability stems from missing rate limiting on login attempts.
💻 Affected Systems
- Eclipse GlassFish
📦 What is this software?
Eclipse GlassFish is the Eclipse Foundation's open-source Jakarta EE application server. Authentication for the web applications it hosts (for example container-managed form login via /j_security_check) is performed by the server itself, which is where the missing limit on login attempts sits.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through successful brute-force of administrative credentials, leading to data theft, application takeover, or deployment of backdoors.
Likely Case
Account takeover of user or administrative accounts through automated brute-force attacks, resulting in unauthorized access to sensitive data and application functionality.
If Mitigated
Limited impact if strong password policies, account lockouts, or network-level protections are implemented, though the vulnerability still presents an attack surface.
🎯 Exploit Status
Exploitation requires no authentication and can be performed with basic brute-force tools. No special conditions needed beyond network access to login endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.0.17 or later
Vendor Advisory: https://gitlab.eclipse.org/security/cve-assignement/-/issues/33
Restart Required: Yes
Instructions:
1. Download GlassFish 7.0.17 or later from the Eclipse repository.
2. Back up the current configuration, in particular the domain directory (glassfish/domains/domain1 by default), which holds domain.xml and the deployed applications.
3. Stop the GlassFish server.
4. Replace the installation with the patched version.
5. Restore the configuration.
6. Start the server.
🔧 Temporary Workarounds
Implement Web Application Firewall (WAF) Rules
Configure WAF rules that rate-limit login attempts to the GlassFish authentication endpoints, keyed on the source address and, where the WAF supports it, on the target username as well.
Configure Reverse Proxy Rate Limiting
Use nginx or Apache httpd as a reverse proxy in front of GlassFish and rate-limit /j_security_check and any other login endpoints there. With nginx, limit_req rejects requests above the burst with 503 by default:

```nginx
limit_req_zone $binary_remote_addr zone=glassfishlogin:10m rate=5r/m;   # http {} context
location ~ /j_security_check$ {                                          # server {} block that proxies to GlassFish; matches the endpoint under any context root
    limit_req zone=glassfishlogin burst=10 nodelay;
}
```
🧯 If You Can't Patch
- Implement network-level controls like IP-based rate limiting at firewall or load balancer.
- Enforce strong password policies (minimum 12 characters, complexity requirements) to increase brute-force difficulty.
🔍 How to Verify
Check if Vulnerable:
Check the GlassFish version via the admin console or with asadmin version (add --local to read the installed version without contacting a running server). If the version is 7.0.16 or earlier, the server is vulnerable.
Check Version:
asadmin version
Verify Fix Applied:
Verify that the version is 7.0.17 or later with asadmin version. Then send a burst of deliberately failed login attempts at the login endpoint, using a username that does not exist so that no real account is affected by any lockout policy, and confirm that later attempts are rejected or noticeably slowed.
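The burst test above can be scripted. The following is an added example written for this page, not GlassFish project code: it POSTs Servlet-spec form-login fields (j_username / j_password) to a placeholder URL and reports both status codes and latency, because how a limiter shows itself depends on where it sits. A reverse-proxy limiter such as the nginx limit_req rule in the workarounds section answers with 503 (or 429 if you set limit_req_status), whereas a server-side protection may slow responses instead of rejecting them. The context root /app, the dummy credentials and the slowdown threshold are assumptions.

```python
"""Send a burst of deliberately failed form logins to a GlassFish endpoint
and report how the server responds.

Added example for this page; it is not GlassFish project code. The URL,
the context root and the dummy credentials are placeholders. Run it only
against a server you are authorised to test, and use a username that does
not exist so that no real account is locked out by any lockout policy.
"""
import sys
import time
import urllib.error
import urllib.parse
import urllib.request


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them: the
    login response itself is what we want to see, not the landing page."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def attempt_login(url, username, password, timeout=10):
    """POST one Servlet-spec form login (j_username/j_password) and return
    (http_status, elapsed_seconds)."""
    body = urllib.parse.urlencode({"j_username": username,
                                   "j_password": password}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    opener = urllib.request.build_opener(NoRedirect())
    start = time.monotonic()
    try:
        with opener.open(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as e:
        status = e.code
    return status, time.monotonic() - start


def summarize(results, slowdown_factor=3.0):
    """Classify a list of (status, elapsed) pairs from one burst.

    rejected  : at least one attempt got a throttling status (429, or 503,
                which is nginx limit_req's default rejection status)
    throttled : the median latency of the second half of the burst is at
                least slowdown_factor times that of the first half
                (heuristic for limiters that slow rather than reject)
    unlimited : every attempt was answered at full speed
    """
    if any(status in (429, 503) for status, _ in results):
        return "rejected"
    half = len(results) // 2
    if half:
        early = sorted(t for _, t in results[:half])[half // 2]
        late = sorted(t for _, t in results[half:])[(len(results) - half) // 2]
        if early > 0 and late >= slowdown_factor * early:
            return "throttled"
    return "unlimited"


def probe(url, attempts=20, username="no-such-user", password="wrong"):
    """Fire `attempts` failed logins back to back and classify the result."""
    results = [attempt_login(url, username, password) for _ in range(attempts)]
    return results, summarize(results)


if __name__ == "__main__":
    # Placeholder target: an application with context root /app behind the
    # default GlassFish HTTP listener on port 8080.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080/app/j_security_check"
    results, verdict = probe(target)
    for status, elapsed in results:
        print(f"{status} {elapsed:.3f}s")
    print("verdict:", verdict)
```

Run it once before and once after patching or deploying the proxy rule; a verdict of "unlimited" against a 7.0.16 server is the vulnerable condition, and "rejected" after adding the nginx rule shows the workaround is in the request path. The latency heuristic is deliberately coarse, so read the per-attempt lines rather than trusting the verdict alone.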
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts from same IP address in short time period
- Unusual authentication patterns in server.log
Network Indicators:
- High volume of POST requests to /j_security_check endpoint
- Traffic patterns showing login attempts at regular intervals
SIEM Query (Splunk-style; adapt the field names to your own ingestion):
source="glassfish.log" AND "javax.enterprise.system.core.security" AND "FAILED" | stats count by src_ip | where count > 10
Caveat: the logger name and the text of a failed-login message differ between GlassFish releases, and the security logger's entries in server.log do not necessarily carry the client address, so a usable src_ip field will usually have to come from the HTTP access log (enable access logging under the http-service configuration and ingest it alongside server.log). Trigger one deliberate failed login on your own instance and confirm the query matches it before relying on the alert.
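Where the SIEM query cannot be used, the same detection can run directly over the access log. The block below is an added example for this page, not GlassFish project code; it assumes the HTTP access log is enabled in GlassFish's default format (%client.name% %auth-user-name% %datetime% %request% %status% %response.length%), parses POSTs to /j_security_check under any context root, and flags any client exceeding a sliding-window threshold. The log lines, addresses, the /app context root and the threshold are constructed for the example.

```python
"""Flag client IPs that hammer the GlassFish form-login endpoint.

Added example for this page, not GlassFish project code. It assumes the
HTTP access log is enabled and written in GlassFish's default format
(%client.name% %auth-user-name% %datetime% %request% %status% %response.length%).
The sample lines below are constructed for the example, not captured from
a real server.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One default-format access-log line: quoted client, user, timestamp and
# request line, followed by the unquoted status and response length.
LINE_RE = re.compile(
    r'^"(?P<ip>[^"]+)" "(?P<user>[^"]*)" "(?P<ts>[^"]+)" '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<length>\d+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_login_post(line):
    """Return {'ip', 'ts', 'status'} for a POST to .../j_security_check,
    or None for any other line (GETs, other paths, unparseable text)."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    if not m["path"].split("?", 1)[0].endswith("/j_security_check"):
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "status": int(m["status"])}


def find_bruteforce(lines, threshold=10, window_seconds=60):
    """Return {ip: peak_count} for every client whose login POSTs exceed
    `threshold` inside any sliding window of `window_seconds`. Lines must
    be in time order, as they are in the log file.

    Every login POST is counted regardless of status: with form login the
    failure page is rendered by the application, so the status code alone
    is not a reliable failure signal. A login storm from one client is the
    indicator, and a successful attempt hidden inside it matters most.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        ev = parse_login_post(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged[ev["ip"]] = max(flagged.get(ev["ip"], 0), len(q))
    return flagged


# Constructed sample: one legitimate user and one client firing a login POST
# every two seconds. Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = (
    ['"198.51.100.5" "NULL-AUTH-USER" "01/Oct/2024:11:59:58 +0000" "GET /app/login.jsp HTTP/1.1" 200 1322',
     '"198.51.100.5" "NULL-AUTH-USER" "01/Oct/2024:12:00:05 +0000" "POST /app/j_security_check HTTP/1.1" 200 1322']
    + [f'"203.0.113.7" "NULL-AUTH-USER" "01/Oct/2024:12:00:{sec:02d} +0000" '
       f'"POST /app/j_security_check HTTP/1.1" 200 1322' for sec in range(10, 34, 2)]
    + ['"198.51.100.5" "alice" "01/Oct/2024:12:00:40 +0000" "POST /app/j_security_check HTTP/1.1" 302 0']
)


if __name__ == "__main__":
    for ip, peak in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {peak} login POSTs within one minute")
```

Against the constructed sample the function flags 203.0.113.7 and leaves the legitimate user alone. To run it on a real file, pass the lines of the domain's access log (a file under the domain's logs/access directory) instead of SAMPLE_LOG, and tune threshold and window_seconds to the login rate your applications normally see.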