Payara Server is an open source middleware platform that supports reliable and secure deployments of Java EE (Jakarta EE) and MicroProfile applications in any environment: on premise, in the cloud or hybrid.
Description
It is possible to trick the Payara Server management REST interface by injecting a malicious URL via the Host header of a crafted request, so that the attacker-supplied Host value is carried into the HTML page the REST interface generates when the /management/domain endpoint is requested.
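The quickest way to confirm whether a given build is affected is to send one request to the endpoint with a forged Host header and check whether any link in the returned HTML points at that host. The probe below is an added example, not the PR's own test code or part of Payara; it assumes the default admin port 4848, the made-up host name attacker.example, and the constructed sample responses embedded at the bottom for running it offline.

```python
"""Probe whether a server reflects the request Host header into generated HTML links.

Added example, not the PR's own test code. It sends one GET to the management
REST interface with an attacker-chosen Host header and reports every absolute
or protocol-relative link in the HTML response whose authority is that host.
Port 4848 is the default Payara admin port; "attacker.example" and the sample
responses below are constructed for this example.
"""
import http.client
import re

# href/src/action attribute values in the returned HTML
LINK_ATTR = re.compile(r'(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
# authority part of an absolute (http://host...) or protocol-relative (//host...) URL
AUTHORITY = re.compile(r'^(?:https?:)?//([^/?#]+)')


def _hostname(authority):
    """Strip an optional :port from a URL authority or Host header value.

    Bracketed IPv6 literals are not handled; the forged host is a DNS name here.
    """
    return authority.split(":")[0].lower()


def find_reflections(body, injected_host):
    """Return the link targets in `body` whose host is `injected_host`."""
    wanted = _hostname(injected_host)
    hits = []
    for url in LINK_ATTR.findall(body):
        m = AUTHORITY.match(url.strip())
        if m and _hostname(m.group(1)) == wanted:
            hits.append(url)
    return hits


def probe(server, port, injected_host, path="/management/domain", extra_headers=None):
    """GET `path` on server:port with a forged Host header; return reflected links.

    The management interface may require admin credentials: pass an
    Authorization header via `extra_headers`. Secure-admin (TLS) setups are
    not handled by this plain HTTPConnection.
    """
    headers = {"Host": injected_host, "Accept": "text/html"}
    headers.update(extra_headers or {})
    # http.client does not add its own Host header when one is supplied.
    conn = http.client.HTTPConnection(server, port, timeout=10)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", errors="replace")
    finally:
        conn.close()
    return find_reflections(body, injected_host)


# Constructed sample responses (not captured from a real server).
VULNERABLE_SAMPLE = (
    '<html><body>'
    '<a href="http://attacker.example:4848/management/domain/applications">applications</a>'
    '<a href="//attacker.example/management/domain/resources">resources</a>'
    '<a href="/management/domain/servers">servers</a>'
    '</body></html>'
)
SAFE_SAMPLE = (
    '<html><body>'
    '<a href="http://localhost:4848/management/domain/applications">applications</a>'
    '</body></html>'
)

if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print(find_reflections(VULNERABLE_SAMPLE, "attacker.example:4848"))
    print(find_reflections(SAFE_SAMPLE, "attacker.example:4848"))
    # Against a live DAS, uncomment:
    # print(probe("localhost", 4848, "attacker.example:4848"))
```

Relative links such as /management/domain/servers are deliberately ignored, since they resolve against whatever host the browser used and do not demonstrate the injection; only links that carry the forged authority count as a finding.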
Important Info
Blockers
None
Testing
New tests
None
Testing Performed
Steps:
Testing Environment
Zulu JDK 11.0.11, Windows 11, Maven 3.8.4
Documentation
None
Notes for Reviewers