7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
50.4%
Package : jetty9
Version : 9.4.16-0+deb10u2
CVE ID : CVE-2022-2047 CVE-2022-2048
Two security vulnerabilities were discovered in Jetty, a Java servlet engine
and webserver.
CVE-2022-2047
In Eclipse Jetty the parsing of the authority segment of an http scheme
URI, the Jetty HttpURI class improperly detects an invalid input as a
hostname. This can lead to failures in a Proxy scenario.
CVE-2022-2048
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid
HTTP/2 request, the error handling has a bug that can wind up not properly
cleaning up the active connections and associated resources. This can lead
to a Denial of Service scenario where there are no enough resources left to
process good requests.
For Debian 10 buster, these problems have been fixed in version
9.4.16-0+deb10u2.
We recommend that you upgrade your jetty9 packages.
For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 10 | all | libjetty9-extra-java | < 9.4.16-0+deb10u2 | libjetty9-extra-java_9.4.16-0+deb10u2_all.deb |
Debian | 11 | all | libjetty9-extra-java | < 9.4.39-3+deb11u1 | libjetty9-extra-java_9.4.39-3+deb11u1_all.deb |
Debian | 10 | all | jetty9 | < 9.4.16-0+deb10u2 | jetty9_9.4.16-0+deb10u2_all.deb |
Debian | 11 | all | jetty9 | < 9.4.39-3+deb11u1 | jetty9_9.4.39-3+deb11u1_all.deb |
Debian | 10 | all | libjetty9-java | < 9.4.16-0+deb10u2 | libjetty9-java_9.4.16-0+deb10u2_all.deb |
Debian | 11 | all | libjetty9-java | < 9.4.39-3+deb11u1 | libjetty9-java_9.4.39-3+deb11u1_all.deb |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
50.4%