CVE-2022-2048

🗓️ 07 Jul 2022 20:35:09Reported by eclipseType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 393 Views

In Eclipse Jetty HTTP/2 server, bug in error handling can lead to DoS scenario

Reporter	Title	Published	Views	Family All 108
IBM Security Bulletins	Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)	29 Sep 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.	22 Nov 202213:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)	4 Jan 202315:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server	17 May 202302:32	–	ibm
IBM Security Bulletins	Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester	17 Aug 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023	27 Jan 202306:39	–	ibm

NVD

Node

eclipse jettyRange<9.4.47

eclipse jettyRange10.0.0–10.0.9

eclipse jettyRange11.0.0–11.0.9

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

netapp element_plug-in_for_vcenter_serverMatch-

netapp management_services_for_element_software_and_netapp_hciMatch-

netapp snapcenterMatch-

netapp solidfire_&_hci_storage_nodeMatch-

netapp hci_compute_nodeMatch-

Node

jenkins jenkinsRange<2.263

jenkins jenkinsRange<2.361.1lts

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.46",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.0.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.0.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20220901-0006/
lists	www.lists.debian.org/debian-lts-announce/2022/08/msg00011.html
github	www.github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
debian	www.debian.org/security/2022/dsa-5198
openwall	www.openwall.com/lists/oss-security/2022/09/09/2

21 Nov 2024 07:00Current

7.3High risk

Vulners AI Score7.3

CVSS 25

CVSS 3.17.5

EPSS0.00965