
CVE-2024-9408: Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints

CVSS Score: N/A

Basic Information

EPSS Score: 0.10538%
Published: 7/16/2025
Updated: 7/18/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.glassfish.main.admingui:console-common | maven | <= 6.2.5 | (not given)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability is a Server-Side Request Forgery (SSRF) in the /download/log endpoint of Eclipse GlassFish 6.2.5. The root cause of the vulnerability is improper handling of the restUrl parameter, which allows an attacker to craft a malicious URI that can be used to access internal resources. The provided patch addresses this vulnerability by adding stricter normalization of the URI in the CoyoteAdapter class. The normalize, normalizeBytes, and normalizeChars functions were modified to detect and prevent path traversal attacks. The postParseRequest function was also modified to call the new normalize function and handle cases where normalization fails. These changes prevent the application from processing malicious URIs and mitigate the SSRF vulnerability.

Vulnerable functions

org.apache.catalina.connector.CoyoteAdapter.postParseRequest
appserver/web/web-core/src/main/java/org/apache/catalina/connector/CoyoteAdapter.java
This function was modified to call the new `normalize` function and handle the case where normalization fails. This indicates that the previous implementation was vulnerable to path traversal attacks.

org.apache.catalina.connector.CoyoteAdapter.normalize
appserver/web/web-core/src/main/java/org/apache/catalina/connector/CoyoteAdapter.java
This function was modified to accept a `Response` object and pass it to the `normalizeBytes` and `normalizeChars` functions. This allows those functions to set a detailed error message when normalization fails, which is a key part of the fix.

org.apache.catalina.connector.CoyoteAdapter.normalizeBytes
appserver/web/web-core/src/main/java/org/apache/catalina/connector/CoyoteAdapter.java
This function was modified to set a detailed error message on the `Response` object when a path traversal attempt is detected. This prevents the application from processing the malicious URI and is a direct fix for the vulnerability.

org.apache.catalina.connector.CoyoteAdapter.normalizeChars
appserver/web/web-core/src/main/java/org/apache/catalina/connector/CoyoteAdapter.java
This function was modified to set a detailed error message on the `Response` object when a path traversal attempt is detected. This prevents the application from processing the malicious URI and is a direct fix for the vulnerability.
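The analysis above describes the fix as a normalization step that detects path traversal in the request URI and refuses to process the request rather than quietly repairing it. The following is an added illustration of that defensive pattern; it is not GlassFish's `CoyoteAdapter` code and its rules (single decode pass, rejection of encoded separators and double encoding, confinement to an expected prefix) are assumptions constructed for this example.

```python
"""Added example (not GlassFish code): normalize a request path and reject,
rather than silently repair, anything that looks like a traversal attempt.
The rules below are constructed for illustration, not the project's own."""
from typing import List
from urllib.parse import unquote


class PathNormalizationError(ValueError):
    """Raised when a request path cannot be normalized safely."""


def normalize_request_path(raw_path: str) -> str:
    """Return a canonical absolute path, or raise PathNormalizationError.

    - the path must be absolute and contain no NUL or control characters
    - a percent-encoded '/' or '\\' is rejected: decoding it would create a
      segment boundary the raw request did not have
    - the path is decoded exactly once; input that still changes on a second
      decode is double-encoded and rejected instead of guessed at
    - '.' and empty segments ('//') collapse; '..' pops a segment, and
      popping past the root is a traversal attempt
    """
    if not raw_path.startswith("/"):
        raise PathNormalizationError("path must be absolute")
    if "\x00" in raw_path:
        raise PathNormalizationError("NUL byte in path")
    lowered = raw_path.lower()
    if "%2f" in lowered or "%5c" in lowered:
        raise PathNormalizationError("encoded path separator")

    decoded = unquote(raw_path)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        raise PathNormalizationError("control character in path")
    if unquote(decoded) != decoded:
        raise PathNormalizationError("double-encoded path")
    if "\\" in decoded:
        raise PathNormalizationError("backslash in path")

    stack: List[str] = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not stack:
                raise PathNormalizationError("traversal above root")
            stack.pop()
            continue
        stack.append(segment)
    return "/" + "/".join(stack)


def confine_to(raw_path: str, allowed_prefix: str) -> str:
    """Normalize and additionally require the result to stay under a prefix.

    This is the second half of the defence: even a path that normalizes
    cleanly must still land inside the tree the endpoint is meant to serve.
    """
    base = allowed_prefix.rstrip("/")
    normalized = normalize_request_path(raw_path)
    if normalized != base and not normalized.startswith(base + "/"):
        raise PathNormalizationError("path escapes allowed prefix")
    return normalized


def is_safe_path(raw_path: str, allowed_prefix: str = "/") -> bool:
    """Boolean wrapper for logging or filtering without exception handling."""
    try:
        confine_to(raw_path, allowed_prefix)
        return True
    except PathNormalizationError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: the first two are benign, the rest hostile.
    for candidate in ("/download/log", "/download/./log//x",
                      "/download/../../etc/passwd",
                      "/download/%2e%2e/%2e%2e/x",
                      "/download%2f..%2fx", "/%252e%252e/x"):
        print(f"{candidate!r}: safe={is_safe_path(candidate, '/download/')}")
```

The key design choice is that normalization failure is a hard reject with a reason, mirroring the detailed error message the patched `normalizeBytes` and `normalizeChars` set on the `Response`; logging that reason gives defenders a clean detection signal for traversal probing against an endpoint like `/download/log`.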

WAF Protection Rules

WAF Rule

In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints.

Reasoning

The vulnerability is a Server-Side Request Forgery (SSRF) in the `/download/log` endpoint of Eclipse GlassFish 6.2.5. The root cause of the vulnerability is improper handling of the `restUrl` parameter, which allows an attacker to craft a malicious URI that can be used to access internal resources.