Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1EE26D45-6DDB-11EE-9898-00E081B7AA2D
HistoryOct 18, 2023 - 12:00 a.m.

jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty

2023-10-1800:00:00
vuxml.freebsd.org
13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.72 High

EPSS

Percentile

98.0%

JSON

Jenkins Security Advisory:

Description
(High) SECURITY-3291 / CVE-2023-36478, CVE-2023-44487
HTTP/2 denial of service vulnerability in bundled Jetty

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchjenkins< 2.428UNKNOWN
FreeBSDanynoarchjenkins-lts< 2.414.3UNKNOWN

Related

nessus 55
debian 3
osv 23
ibm 23
openvas 20
github 3
cve 1
atlassian 3
veracode 1
alpinelinux 1
ubuntucve 1
debiancve 1
prion 1
redhatcve 1
redos 1
f5 1
fedora 13
redhat 12
ubuntu 2
oraclelinux 7
rocky 5
amazon 1
cbl_mariner 12
hivepro 1
cloudfoundry 1
impervablog 2
freebsd 1
githubexploit 3
nessus
nessus
Jenkins LTS < 2.414.3 / Jenkins weekly < 2.428 Multiple Vulnerabilities
2023-10-18 00:00:00
Debian DSA-5540-1 : jetty9 - security update
2023-10-31 00:00:00
FreeBSD : jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty (1ee26d45-6ddb-11ee-9898-00e081b7aa2d)
2023-10-18 00:00:00
debian
debian
[SECURITY] [DSA 5540-1] jetty9 security update
2023-10-30 19:52:02
[SECURITY] [DLA 3641-1] jetty9 security update
2023-10-30 20:10:54
[SECURITY] [DSA 5522-3] tomcat9 regression update
2023-10-16 21:36:38
osv
osv
jetty9 - security update
2023-10-30 00:00:00
jetty9 - security update
2023-10-30 00:00:00
HTTP/2 HPACK integer overflow and buffer allocation
2023-10-10 21:16:23
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
2023-11-21 03:14:20
Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty.
2024-02-21 13:00:16
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty.
2023-11-21 03:12:00
openvas
openvas
Debian: Security Advisory (DSA-5540-1)
2023-10-31 00:00:00
Debian: Security Advisory (DLA-3641-1)
2023-10-31 00:00:00
Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux
2023-10-12 00:00:00
github
github
HTTP/2 HPACK integer overflow and buffer allocation
2023-10-10 21:16:23
github.com/kumahq/kuma affected by CVE-2023-44487
2023-10-17 12:41:55
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
2023-10-10 22:22:54
cve
cve
CVE-2023-36478
2023-10-10 17:15:11
atlassian
atlassian
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server
2024-03-07 02:45:51
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bitbucket Data Center and Server
2023-12-14 07:45:23
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bamboo Data Center and Server
2023-12-19 10:45:37
veracode
veracode
Denial Of Service (DoS)
2023-10-12 05:13:43
alpinelinux
alpinelinux
CVE-2023-36478
2023-10-10 17:15:11
ubuntucve
ubuntucve
CVE-2023-36478
2023-10-10 00:00:00
debiancve
debiancve
CVE-2023-36478
2023-10-10 17:15:11
prion
prion
Integer overflow
2023-10-10 17:15:00
redhatcve
redhatcve
CVE-2023-36478
2023-10-11 10:42:39
redos
redos
ROS-20240402-07
2024-04-02 00:00:00
f5
f5
K000137106 : HTTP/2 vulnerability CVE-2023-44487
2023-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38
2023-10-15 01:44:28
[SECURITY] Fedora 37 Update: proxygen-2023.10.16.00-1.fc37
2023-10-24 01:13:18
[SECURITY] Fedora 38 Update: wdt-1.32.1910230^20230711git3b52ef5-2.fc38
2023-10-24 01:23:50
redhat
redhat
(RHSA-2023:5803) Important: nodejs:16 security update
2023-10-17 16:18:02
(RHSA-2023:5945) Important: Red Hat AMQ Broker 7.10.4 release and security update
2023-10-19 18:58:39
(RHSA-2023:5715) Moderate: nginx:1.20 security update
2023-10-16 08:08:57
ubuntu
ubuntu
.NET vulnerability
2023-10-10 00:00:00
nghttp2 vulnerability
2023-11-22 00:00:00
oraclelinux
oraclelinux
tomcat security update
2023-10-23 00:00:00
dotnet6.0 security update
2023-10-18 00:00:00
dotnet6.0 security update
2023-10-18 00:00:00
rocky
rocky
nodejs:16 security update
2023-10-24 18:36:24
tomcat security update
2023-10-24 18:35:47
dotnet6.0 security update
2023-10-24 18:36:50
amazon
amazon
Important: nginx
2023-10-16 13:45:00
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13
2024-02-14 17:05:34
CVE-2023-44487 affecting package rook for versions less than 1.6.2-14
2024-02-14 17:05:34
CVE-2023-44487 affecting package golang for versions less than 1.20.7-2
2023-01-03 21:02:14
hivepro
hivepro
HTTP2 Zero-Day Exploited for the Most Explosive DDoS Attacks
2023-10-12 08:09:28
cloudfoundry
cloudfoundry
USN-6505-1: nghttp2 vulnerability | Cloud Foundry
2024-03-18 00:00:00
impervablog
impervablog
Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487
2023-10-10 12:24:39
HTTP/2 Rapid Reset Mitigation With Imperva WAF
2024-01-03 14:21:45
freebsd
freebsd
varnish -- HTTP/2 Rapid Reset Attack
2023-11-13 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-10-25 09:11:46
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-10-16 11:07:50
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-11-10 08:38:51

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.72 High

EPSS

Percentile

98.0%

JSON
Related for 1EE26D45-6DDB-11EE-9898-00E081B7AA2D
nessus55debian3osv23ibm23openvas20github3cve1atlassian3veracode1alpinelinux1ubuntucve1debiancve1prion1redhatcve1redos1f51fedora13redhat12ubuntu2oraclelinux7rocky5amazon1cbl_mariner12hivepro1cloudfoundry1impervablog2freebsd1githubexploit3