CVE-2017-7656

🗓️ 26 Jun 2018 15:00:00Reported by eclipseType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 179 Views

CVE-2017-7656: Eclipse Jetty versions 9.2.x and older, 9.3.x, 9.4.x (non-default config) handle HTTP/0.9 poorly

Reporter	Title	Published	Views	Family All 65
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Server is vulnerable to various attacks due to Eclipse jetty	21 Jun 202318:36	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)	7 Jul 202217:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	7 Oct 202020:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator	15 May 202400:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)	6 Nov 201919:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Synergy is deployed	22 Dec 202018:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Eclipse Jetty affect the IBM InfoSphere Information Server installers	16 Oct 201820:00	–	ibm
IBM Security Bulletins	Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.	19 Sep 202220:54	–	ibm

NVD

Node

eclipse jettyRange≤9.2.26

eclipse jettyRange9.3.0–9.3.24

eclipse jettyRange9.4.0–9.4.11

Node

debian debian_linuxMatch9.0

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThanOrEqual": "9.2.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "custom"
      },
      {
        "lessThan": "9.3.24",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "9.4.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugs	www.bugs.eclipse.org/bugs/show_bug.cgi
oracle	www.oracle.com//security-alerts/cpujul2021.html
lists	www.lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
support	www.support.hpe.com/hpsc/doc/public/display
lists	www.lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
lists	www.lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuoct2020.html
debian	www.debian.org/security/2018/dsa-4278
security	www.security.netapp.com/advisory/ntap-20181014-0001/
securitytracker	www.securitytracker.com/id/1041194

21 Nov 2024 03:32Current

8.2High risk

Vulners AI Score8.2

CVSS 25

CVSS 37.5

EPSS0.08531

CWE-444