Linux Distros Unpatched Vulnerability : CVE-2023-40167

🗓️ 05 Mar 2025 00:00:00Reported by TenableType

Linux/Unix host has unpatched Jetty vulnerability CVE-2023-40167 without vendor patch available.

Reporter	Title	Published	Views	Family All 154
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023	26 Mar 202504:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)	11 Nov 202411:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow	3 Jun 202413:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager October 2023 - Multiple CVEs addressed	19 Oct 202311:13	–	ibm
IBM Security Bulletins	Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester	18 Dec 202312:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector	22 Oct 202512:16	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities	11 Mar 202620:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Eclipse Jetty	29 Nov 202314:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management	20 Mar 202517:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )	24 Mar 202514:16	–	ibm

Source	Link
access	www.access.redhat.com/security/cve/cve-2023-40167
ubuntu	www.ubuntu.com/security/CVE-2023-40167
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(226245);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/01");

  script_cve_id("CVE-2023-40167");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-40167");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and
    12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This
    is more permissive than allowed by the RFC and other servers routinely reject such requests with 400
    responses. There is no known exploit scenario, but it is conceivable that request smuggling could result
    if jetty is used in combination with a server that does not close the connection after sending such a 400
    response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no
    workaround as there is no known exploit scenario. (CVE-2023-40167)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2023-40167");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2023-40167");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40167");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:jetty9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jetty-project");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Red Hat Enterprise Linux-9", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "jetty9"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "jetty9"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "jetty9"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "jetty9"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-9": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "9",
        "pkgs": [
          {"reference": "jetty-project"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

01 Sep 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 3.15.3

EPSS0.04575

SSVC