EUVD-2022-6436

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Eclipse Jetty HTTP/2 server has a bug in error handling causing potential Denial of Service issues.

Reporter	Title	Published	Views	Family All 108
IBM Security Bulletins	Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)	29 Sep 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.	22 Nov 202213:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)	4 Jan 202315:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server	17 May 202302:32	–	ibm
IBM Security Bulletins	Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester	17 Aug 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023	27 Jan 202306:39	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "a2a3d5a4-ae5d-3504-8b6e-164b8cf060d8",
        "vendor": {
          "name": "The Eclipse Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "040a231b-6435-35b1-94ae-a558a69ac49d",
        "product": {
          "name": "Eclipse Jetty"
        },
        "product_version": "unspecified ≤9.4.46"
      },
      {
        "id": "11003cd0-a73e-3dd2-ae14-5da69949ca9a",
        "product": {
          "name": "Eclipse Jetty"
        },
        "product_version": "11.0.0 <unspecified"
      },
      {
        "id": "298b4794-db9b-34b6-b484-86e33df3be20",
        "product": {
          "name": "Eclipse Jetty"
        },
        "product_version": "unspecified ≤11.0.9"
      },
      {
        "id": "4b3d0c9d-31b4-31cf-b511-7795835c6fc4",
        "product": {
          "name": "Eclipse Jetty"
        },
        "product_version": "unspecified ≤10.0.9"
      },
      {
        "id": "8f2e4271-7b61-3f86-8fd3-38db8cd68922",
        "product": {
          "name": "Eclipse Jetty"
        },
        "product_version": "9.4.0 <unspecified"
      },
      {
        "id": "f0165385-9694-3a0e-93d5-65d9526bbd79",
        "product": {
          "name": "Eclipse Jetty"
        },
        "product_version": "10.0.0 <unspecified"
      }
    ]
  }
]

Source	Link
github	www.github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-2048
github	www.github.com/eclipse/jetty.project
lists	www.lists.debian.org/debian-lts-announce/2022/08/msg00011.html
security	www.security.netapp.com/advisory/ntap-20220901-0006
debian	www.debian.org/security/2022/dsa-5198
openwall	www.openwall.com/lists/oss-security/2022/09/09/2
suse	www.suse.com/security/cve/CVE-2022-2048.html
access	www.access.redhat.com/errata/RHSA-2022:8652
access	www.access.redhat.com/errata/RHSA-2023:0017

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.5

CVSS 25

EPSS0.01047