Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-4210-1.NASL
HistoryOct 27, 2023 - 12:00 a.m.

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)

2023-10-2700:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
suse linux
eclipse jetty
http/2
denial of service
cve-2023-36478
cgi servlet
request smuggling
weak authentication
cve-2023-36479
cve-2023-40167

8.1 High

AI Score

Confidence

High

JSON

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4210-1 advisory.

  • Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered.
    Furthermore, MetaDataBuilder.checkSize allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server.
    Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. (CVE-2023-36478)

  • Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
    (CVE-2023-36479)

  • Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. (CVE-2023-40167)

  • Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the LoginService. This impacts usages of the jetty-openid which have configured a nested LoginService and where that LoginService will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue. (CVE-2023-41900)

  • The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:4210-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(183942);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/09");

  script_cve_id(
    "CVE-2023-36478",
    "CVE-2023-36479",
    "CVE-2023-40167",
    "CVE-2023-41900",
    "CVE-2023-44487"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/10/31");
  script_xref(name:"SuSE", value:"SUSE-SU-2023:4210-1");
  script_xref(name:"CEA-ID", value:"CEA-2024-0004");

  script_name(english:"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are
affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4210-1 advisory.

  - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0
    through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for
    HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name
    or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is
    very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become
    negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered.
    Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative,
    potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by
    2. This means that if a user provides a negative length value (or, more precisely, a length value which,
    when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive
    number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server.
    Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions
    11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. (CVE-2023-36478)

  - Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the
    CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a
    request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet
    will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command
    prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the
    user contains a quotation mark followed by a space, the resulting command line will contain multiple
    tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
    (CVE-2023-36479)

  - Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and
    12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This
    is more permissive than allowed by the RFC and other servers routinely reject such requests with 400
    responses. There is no known exploit scenario, but it is conceivable that request smuggling could result
    if jetty is used in combination with a server that does not close the connection after sending such a 400
    response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no
    workaround as there is no known exploit scenario. (CVE-2023-40167)

  - Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15
    are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested
    `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current
    request will still treat the user as authenticated. The authentication is then cleared from the session
    and subsequent requests will not be treated as authenticated. So a request on a previously authenticated
    session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This
    impacts usages of the jetty-openid which have configured a nested `LoginService` and where that
    `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and
    11.0.16 have a patch for this issue. (CVE-2023-41900)

  - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation
    can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215415");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215416");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215417");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1216162");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1216169");
  script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2023-October/032390.html");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-36478");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-36479");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-40167");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-41900");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-44487");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40167");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-http");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-io");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-security");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-servlet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jetty-util-ajax");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15|SUSE15\.4|SUSE15\.5)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(2|3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2/3/4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(2|3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP2/3/4/5", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jetty-annotations-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-ant-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-cdi-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-client-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-continuation-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-deploy-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-fcgi-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-http-spi-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-jaas-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-jmx-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-jndi-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-jsp-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-minimal-javadoc-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-openid-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-plus-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-proxy-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-quickstart-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-rewrite-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-servlets-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-start-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-webapp-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-xml-9.4.53-150200.3.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'jetty-annotations-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-ant-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-cdi-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-client-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-continuation-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-deploy-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-fcgi-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-http-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-http-spi-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-io-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-jaas-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-jmx-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-jndi-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-jsp-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-minimal-javadoc-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-openid-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-plus-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-proxy-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-quickstart-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-rewrite-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-security-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-server-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-servlet-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-servlets-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-start-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-util-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-util-ajax-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-webapp-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jetty-xml-9.4.53-150200.3.22.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jetty-annotations / jetty-ant / jetty-cdi / jetty-client / etc');
}
VendorProductVersionCPE
novellsuse_linuxjetty-httpp-cpe:/a:novell:suse_linux:jetty-http
novellsuse_linuxjetty-iop-cpe:/a:novell:suse_linux:jetty-io
novellsuse_linuxjetty-securityp-cpe:/a:novell:suse_linux:jetty-security
novellsuse_linuxjetty-serverp-cpe:/a:novell:suse_linux:jetty-server
novellsuse_linuxjetty-servletp-cpe:/a:novell:suse_linux:jetty-servlet
novellsuse_linuxjetty-utilp-cpe:/a:novell:suse_linux:jetty-util
novellsuse_linuxjetty-util-ajaxp-cpe:/a:novell:suse_linux:jetty-util-ajax
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

ibm 43
openvas 21
nessus 34
osv 22
debian 5
freebsd 1
redhat 6
redos 2
redhatcve 4
github 4
debiancve 5
wolfi 3
prion 4
cve 4
amazon 2
cgr 3
ubuntucve 4
veracode 4
alpinelinux 2
atlassian 3
impervablog 1
cbl_mariner 7
rocky 2
oraclelinux 4
fedora 7
cisa_kev 1
almalinux 1
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to multiple issues due to Eclipse Jetty.
2024-01-25 22:15:26
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to Eclipse Jetty
2024-01-16 18:00:22
Security Bulletin: IBM Storage Protect Server is vulnerable to various attacks due to Eclipse Jetty (CVE-2023-40167, CVE-2023-41900, CVE-2023-36479, CVE-2023-36478)
2023-12-15 16:30:18
openvas
openvas
openSUSE: Security Advisory for jetty (SUSE-SU-2023:4210-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4210-1)
2023-10-27 00:00:00
Debian: Security Advisory (DSA-5507-1)
2023-09-29 00:00:00
nessus
nessus
Debian DSA-5507-1 : jetty9 - security update
2023-09-29 00:00:00
FreeBSD : jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty (1ee26d45-6ddb-11ee-9898-00e081b7aa2d)
2023-10-18 00:00:00
Jenkins LTS < 2.414.3 / Jenkins weekly < 2.428 Multiple Vulnerabilities
2023-10-18 00:00:00
osv
osv
jetty9 - security update
2023-09-28 00:00:00
jetty9 - security update
2023-10-30 00:00:00
jetty9 - security update
2023-10-30 00:00:00
debian
debian
[SECURITY] [DSA 5507-1] jetty9 security update
2023-09-28 22:37:26
[SECURITY] [DSA 5540-1] jetty9 security update
2023-10-30 19:52:02
[SECURITY] [DLA 3641-1] jetty9 security update
2023-10-30 20:10:54
freebsd
freebsd
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
2023-10-18 00:00:00
redhat
redhat
(RHSA-2023:5780) Important: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
2023-10-17 11:41:34
(RHSA-2023:7247) Critical: Red Hat Fuse 7.12.1 release and security update
2023-11-15 17:06:12
(RHSA-2023:5946) Important: Red Hat AMQ Broker 7.11.3 release and security update
2023-10-19 18:59:57
redos
redos
ROS-20240409-12
2024-04-09 00:00:00
ROS-20240403-13
2024-04-03 00:00:00
redhatcve
redhatcve
CVE-2023-36479
2023-09-22 20:24:51
CVE-2023-41900
2023-10-30 19:43:13
CVE-2023-40167
2023-09-22 20:25:01
github
github
Jetty vulnerable to errant command quoting in CGI Servlet
2023-09-14 16:16:00
Jetty's OpenId Revoked authentication allows one request
2023-09-15 13:36:10
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
debiancve
debiancve
CVE-2023-41900
2023-09-15 21:15:11
CVE-2023-40167
2023-09-15 20:15:09
CVE-2023-36479
2023-09-15 19:15:08
wolfi
wolfi
CVE-2023-41900 vulnerabilities
2024-05-08 15:29:17
CVE-2023-36479 vulnerabilities
2024-05-08 15:29:17
CVE-2023-40167 vulnerabilities
2024-05-08 15:29:17
prion
prion
Design/Logic Flaw
2023-09-15 19:15:00
Authentication flaw
2023-09-15 21:15:00
Integer overflow
2023-10-10 17:15:00
cve
cve
CVE-2023-36479
2023-09-15 19:15:08
CVE-2023-41900
2023-09-15 21:15:11
CVE-2023-40167
2023-09-15 20:15:09
amazon
amazon
Medium: jetty
2024-01-03 21:04:00
Medium: jetty
2024-02-15 03:52:00
cgr
cgr
CVE-2023-36479 vulnerabilities
2024-05-08 15:29:42
CVE-2023-41900 vulnerabilities
2024-05-08 15:29:42
CVE-2023-40167 vulnerabilities
2024-05-08 15:29:42
ubuntucve
ubuntucve
CVE-2023-41900
2023-09-15 00:00:00
CVE-2023-36479
2023-09-15 00:00:00
CVE-2023-40167
2023-09-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-10-12 05:13:43
Arbitrary Code Execution
2023-09-20 10:17:36
HTTP Request Smuggling
2023-09-20 09:06:57
alpinelinux
alpinelinux
CVE-2023-36478
2023-10-10 17:15:11
CVE-2023-44487
2023-10-10 14:15:10
atlassian
atlassian
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bitbucket Data Center and Server
2023-12-14 07:45:23
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Bamboo Data Center and Server
2023-12-19 10:45:37
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server
2024-03-07 02:45:51
impervablog
impervablog
HTTP/2 Rapid Reset Mitigation With Imperva WAF
2024-01-03 14:21:45
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7
2024-03-21 08:27:20
CVE-2023-44487 affecting package skopeo for versions less than 1.12.0-4
2024-02-25 03:00:06
CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16
2024-03-21 08:09:05
rocky
rocky
.NET 7.0 security update
2023-10-24 18:36:50
nghttp2 security update
2023-11-11 23:00:24
oraclelinux
oraclelinux
nghttp2 security update
2023-10-19 00:00:00
nodejs:16 security update
2023-10-20 00:00:00
nghttp2 security update
2023-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37
2023-10-24 01:13:18
[SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38
2023-10-24 01:23:49
[SECURITY] Fedora 38 Update: proxygen-2023.10.16.00-1.fc38
2023-10-24 01:23:49
cisa_kev
cisa_kev
HTTP/2 Rapid Reset Attack Vulnerability
2023-10-10 00:00:00
almalinux
almalinux
Important: tomcat security update
2023-10-19 00:00:00

8.1 High

AI Score

Confidence

High

JSON
Related for SUSE_SU-2023-4210-1.NASL
ibm43openvas21nessus34osv22debian5freebsd1redhat6redos2redhatcve4github4debiancve5wolfi3prion4cve4amazon2cgr3ubuntucve4veracode4alpinelinux2atlassian3impervablog1cbl_mariner7rocky2oraclelinux4fedora7cisa_kev1almalinux1