Lucene search

CVE-2017-7658

🗓️ 26 Jun 2018 17:00:29Reported by eclipseType

CVE-2017-7658: Jetty Server ignores second content-length header, leading to potential bypass of authorizatio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 59
CNVD	Eclipse Jetty HTTP Request Smuggling Vulnerability	16 Sep 202000:00	–	cnvd
Prion	Authorization	26 Jun 201817:29	–	prion
RedhatCVE	CVE-2017-7658	27 Jun 201808:49	–	redhatcve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2017-7658	4 Mar 202500:00	–	nessus
Tenable Nessus	F5 Networks BIG-IP : Eclipse Jetty vulnerabilities (K10002140)	5 Apr 202200:00	–	nessus
Tenable Nessus	Debian DSA-4278-1 : jetty9 - security update	20 Aug 201800:00	–	nessus
Tenable Nessus	RHEL 6 : nutch (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	Fedora 28 : jetty (2018-48b73ed393)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 27 : jetty (2018-93a507fd0f)	13 Jul 201800:00	–	nessus
OpenVAS	Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability - Linux	5 Jul 201800:00	–	openvas

Nvd

Node

eclipse jettyRange≤9.2.26

eclipse jettyRange9.3.0–9.3.24

eclipse jettyRange9.4.0–9.4.11

Node

debian debian_linuxMatch9.0

Node

oracle rest_data_servicesMatch11.2.0.4-

oracle rest_data_servicesMatch12.1.0.2-

oracle rest_data_servicesMatch12.2.0.1-

oracle rest_data_servicesMatch18c-

oracle retail_xstore_paymentMatch3.3

oracle retail_xstore_point_of_serviceMatch7.1

oracle retail_xstore_point_of_serviceMatch15.0

oracle retail_xstore_point_of_serviceMatch16.0

oracle retail_xstore_point_of_serviceMatch17.0

Node

hp xp_p9000_command_viewRange8.4.0-00–8.6.2-00advanced

AND

hp xp_p9000Match-

Node

netapp e-series_santricity_managementMatch-

netapp e-series_santricity_os_controllerRange11.0–11.50.1

netapp e-series_santricity_web_servicesMatch-

netapp hci_management_nodeMatch-

netapp hci_storage_nodeMatch-

netapp oncommand_system_managerRange3.0–3.1.3

netapp oncommand_unified_manager_for_7-modeMatch-

netapp santricity_cloud_connectorMatch-

netapp snap_creator_frameworkMatch-

netapp snapcenterMatch-

netapp snapmanagerMatch-oracle

netapp snapmanagerMatch-sap

netapp solidfireMatch-

netapp storage_services_connectorMatch-

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "9.2.25",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "custom"
      },
      {
        "lessThan": "9.3.24",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "9.4.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20181014-0001/
debian	www.debian.org/security/2018/dsa-4278
securityfocus	www.securityfocus.com/bid/106566
support	www.support.hpe.com/hpsc/doc/public/display
oracle	www.oracle.com//security-alerts/cpujul2021.html
lists	www.lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
lists	www.lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jun 2018 17:29Current

9.2High risk

Vulners AI Score9.2

CVSS27.5

CVSS39.8

EPSS0.06875

CWE-444