According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to < 9.4.21. It is, therefore, affected by multiple vulnerabilities:
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. (CVE-2019-9518)
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. (CVE-2019-9516)
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. (CVE-2019-9515)
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. (CVE-2019-9514)
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. (CVE-2019-9512)
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. (CVE-2019-9511)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
www.eclipse.org/lists/jetty-announce/msg00134.html