CVE-2024-9408: Server-Side Request Forgery in Foundation Eclipse Glassfish

Severity: 8.9 HIGH (NVD)
EPSS: 0.1% (top 77.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16

Description

In Eclipse GlassFish since version 6.2.5, it is possible to perform a Server-Side Request Forgery attack in specific endpoints.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages: 2 packages

Vulnerability Details (3)

CVEList
CVE-2024-9408: In Eclipse GlassFish since version 6 (2025-07-16)
GHSA
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints (2025-07-16)
OSV
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints (2025-07-16)