Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5590D2965814143668474CA3B28CC3CBCC339327D7913B15D1D0767DEEEB9FD8
HistoryOct 31, 2023 - 11:23 a.m.

Security Bulletin: Vulnerability in jetty-http-9.4.51.v20230217.jar affects IBM Integrated Analytics System (Sailfish) [CVE-2023-40167]

2023-10-3111:23:00
www.ibm.com
30
ibm integrated analytics system
sailfish
jetty
vulnerability
upgrade
cve-2023-40167

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

Summary

The jetty-http-9.4.51.v20230217.jar is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVE[CVE-2023-40167]

Vulnerability Details

CVEID:CVE-2023-40167
**DESCRIPTION:**Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Integrated Analytics System 1.0.0-1.0.28.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to latest version.

Affected Product(s) VRMF Remediation/Fixes
IBM Integrated Analytics System 1.0.28.1 Link to Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsmart_analytics_system_7710Matchany
VendorProductVersionCPE
ibmsmart_analytics_system_7710anycpe:2.3:a:ibm:smart_analytics_system_7710:any:*:*:*:*:*:*:*

Related

ibm 37
amazon 1
openvas 6
osv 6
ubuntucve 1
veracode 1
redhatcve 1
cve 1
wolfi 1
debiancve 1
nvd 1
prion 1
nessus 11
cvelist 1
cgr 1
github 1
vulnrichment 1
redhat 10
redos 2
debian 2
oracle 4
ibm
ibm
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-40167].
2024-02-09 08:57:35
Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)
2024-03-15 06:17:49
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-40167]
2024-03-05 11:37:57
amazon
amazon
Medium: jetty
2024-02-15 03:52:00
openvas
openvas
Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Linux
2023-09-19 00:00:00
Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Windows
2023-09-19 00:00:00
Debian: Security Advisory (DLA-3592-1)
2023-10-02 00:00:00
osv
osv
CVE-2023-40167
2023-09-15 20:15:09
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
CGA-j3h8-74jw-2w8w
2024-06-06 12:28:00
ubuntucve
ubuntucve
CVE-2023-40167
2023-09-15 00:00:00
veracode
veracode
HTTP Request Smuggling
2023-09-20 09:06:57
redhatcve
redhatcve
CVE-2023-40167
2023-09-22 20:25:01
cve
cve
CVE-2023-40167
2023-09-15 20:15:09
wolfi
wolfi
CVE-2023-40167 vulnerabilities
2024-09-29 21:19:23
debiancve
debiancve
CVE-2023-40167
2023-09-15 20:15:09
nvd
nvd
CVE-2023-40167
2023-09-15 20:15:09
prion
prion
Design/Logic Flaw
2023-09-15 20:15:00
nessus
nessus
Amazon Linux 2 : jetty (ALAS-2024-2460)
2024-02-19 00:00:00
RHEL 8 : jetty (Unpatched Vulnerability)
2024-06-03 00:00:00
Oracle Enterprise Manager Cloud Control (Jul 2024 CPU)
2024-07-18 00:00:00
cvelist
cvelist
CVE-2023-40167 Jetty accepts "+" prefixed value in Content-Length
2023-09-15 19:37:37
cgr
cgr
CVE-2023-40167 vulnerabilities
2024-05-19 03:07:16
github
github
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
vulnrichment
vulnrichment
CVE-2023-40167 Jetty accepts "+" prefixed value in Content-Length
2023-09-15 19:37:37
redhat
redhat
(RHSA-2023:5780) Important: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
2023-10-17 11:41:34
(RHSA-2023:5946) Important: Red Hat AMQ Broker 7.11.3 release and security update
2023-10-19 18:59:57
(RHSA-2023:7697) Moderate: AMQ Clients 2023.Q4
2023-12-07 13:39:41
redos
redos
ROS-20240730-08
2024-07-30 00:00:00
ROS-20240409-12
2024-04-09 00:00:00
debian
debian
[SECURITY] [DLA 3592-1] jetty9 security update
2023-09-30 12:35:53
[SECURITY] [DSA 5507-1] jetty9 security update
2023-09-28 22:37:26
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON
Related for 5590D2965814143668474CA3B28CC3CBCC339327D7913B15D1D0767DEEEB9FD8
ibm37amazon1openvas6osv6ubuntucve1veracode1redhatcve1cve1wolfi1debiancve1nvd1prion1nessus11cvelist1cgr1github1vulnrichment1redhat10redos2debian2oracle4