3 matches found
CVE-2024-9329
CVE-2024-9329 affects Eclipse GlassFish prior to 7.0.17. The Host HTTP parameter at the /management/domain endpoint can cause the web application to redirect to an attacker‑controlled URL, enabling phishing and potential credential theft. The reports indicate an Open Redirect risk tied to this pa...
CVE-2026-2587
CVE-2026-2587 describes a critical RCE in the server-side template rendering used by the Glassfish gadget handler. The flaw arises when processing .xml files, evaluating user-supplied values as Expression Language (EL) expressions without proper sanitization, e.g., #{7*7}, enabling server-side EL...
CVE-2026-2586
CVE-2026-2586: An authenticated RCE in GlassFish Administration Console. A user with console access can send crafted requests to execute arbitrary OS commands with the privileges of the application service user. Affected: GlassFish Admin Console. Impact (per provided metrics): high confidentialit...