Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310833061HistoryMar 04, 2024 - 12:00 a.m.
openSUSE: Security Advisory for jetty (SUSE-SU-2023:4210-1)
2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
4
opensuse
security advisory
jetty
suse-su-2023:4210-1
cve-2023-44487
cve-2023-36478
cve-2023-40167
cve-2023-36479
cve-2023-41900
update
version 9.4.53.v20231009
security issues
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.72 High
EPSS
Percentile
98.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.833061");
script_version("2024-04-26T15:38:47+0000");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
script_cve_id("CVE-2023-36478", "CVE-2023-36479", "CVE-2023-40167", "CVE-2023-41900", "CVE-2023-44487");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"last_modification", value:"2024-04-26 15:38:47 +0000 (Fri, 26 Apr 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-10-13 19:32:37 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2024-03-04 07:31:52 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for jetty (SUSE-SU-2023:4210-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.4|openSUSELeap15\.5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:4210-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/OMOXT4FBYZ4G7QODEZBPYFKQZCB3OZII");
script_tag(name:"summary", value:"The remote host is missing an update for the 'jetty'
package(s) announced via the SUSE-SU-2023:4210-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for jetty-minimal fixes the following issues:
* Updated to version 9.4.53.v20231009:
* CVE-2023-44487: Fixed a potential denial of service scenario via RST frame
floods (bsc#1216169).
* CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder
(bsc#1216162).
* CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could
potentially lead to HTTP smuggling attacks (bsc#1215417).
* CVE-2023-36479: Fixed an incorrect command execution when sending requests
with certain characters in requested filenames (bsc#1215415).
* CVE-2023-41900: Fixed an issue where an invalidated session would be allowed
to perform a single request (bsc#1215416).
##");
script_tag(name:"affected", value:"'jetty' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.4") {
if(!isnull(res = isrpmvuln(pkg:"jetty-cdi", rpm:"jetty-cdi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlets", rpm:"jetty-servlets~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util", rpm:"jetty-util~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-rewrite", rpm:"jetty-rewrite~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-ant", rpm:"jetty-ant~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-openid", rpm:"jetty-openid~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-start", rpm:"jetty-start~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-io", rpm:"jetty-io~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-fcgi", rpm:"jetty-fcgi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util-ajax", rpm:"jetty-util-ajax~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-webapp", rpm:"jetty-webapp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-proxy", rpm:"jetty-proxy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-continuation", rpm:"jetty-continuation~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-server", rpm:"jetty-server~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-quickstart", rpm:"jetty-quickstart~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-annotations", rpm:"jetty-annotations~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlet", rpm:"jetty-servlet~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jndi", rpm:"jetty-jndi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-minimal-javadoc", rpm:"jetty-minimal-javadoc~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-plus", rpm:"jetty-plus~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http-spi", rpm:"jetty-http-spi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-xml", rpm:"jetty-xml~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jmx", rpm:"jetty-jmx~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http", rpm:"jetty-http~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jsp", rpm:"jetty-jsp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-deploy", rpm:"jetty-deploy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-client", rpm:"jetty-client~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-security", rpm:"jetty-security~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jaas", rpm:"jetty-jaas~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-cdi", rpm:"jetty-cdi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlets", rpm:"jetty-servlets~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util", rpm:"jetty-util~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-rewrite", rpm:"jetty-rewrite~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-ant", rpm:"jetty-ant~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-openid", rpm:"jetty-openid~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-start", rpm:"jetty-start~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-io", rpm:"jetty-io~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-fcgi", rpm:"jetty-fcgi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util-ajax", rpm:"jetty-util-ajax~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-webapp", rpm:"jetty-webapp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-proxy", rpm:"jetty-proxy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-continuation", rpm:"jetty-continuation~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-server", rpm:"jetty-server~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-quickstart", rpm:"jetty-quickstart~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-annotations", rpm:"jetty-annotations~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlet", rpm:"jetty-servlet~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jndi", rpm:"jetty-jndi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-minimal-javadoc", rpm:"jetty-minimal-javadoc~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-plus", rpm:"jetty-plus~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http-spi", rpm:"jetty-http-spi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-xml", rpm:"jetty-xml~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jmx", rpm:"jetty-jmx~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http", rpm:"jetty-http~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jsp", rpm:"jetty-jsp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-deploy", rpm:"jetty-deploy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-client", rpm:"jetty-client~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-security", rpm:"jetty-security~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jaas", rpm:"jetty-jaas~9.4.53~150200.3.22.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSELeap15.5") {
if(!isnull(res = isrpmvuln(pkg:"jetty-cdi", rpm:"jetty-cdi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlets", rpm:"jetty-servlets~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util", rpm:"jetty-util~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-rewrite", rpm:"jetty-rewrite~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-ant", rpm:"jetty-ant~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-openid", rpm:"jetty-openid~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-start", rpm:"jetty-start~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-io", rpm:"jetty-io~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-fcgi", rpm:"jetty-fcgi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util-ajax", rpm:"jetty-util-ajax~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-webapp", rpm:"jetty-webapp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-proxy", rpm:"jetty-proxy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-continuation", rpm:"jetty-continuation~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-server", rpm:"jetty-server~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-quickstart", rpm:"jetty-quickstart~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-annotations", rpm:"jetty-annotations~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlet", rpm:"jetty-servlet~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jndi", rpm:"jetty-jndi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-minimal-javadoc", rpm:"jetty-minimal-javadoc~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-plus", rpm:"jetty-plus~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http-spi", rpm:"jetty-http-spi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-xml", rpm:"jetty-xml~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jmx", rpm:"jetty-jmx~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http", rpm:"jetty-http~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jsp", rpm:"jetty-jsp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-deploy", rpm:"jetty-deploy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-client", rpm:"jetty-client~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-security", rpm:"jetty-security~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jaas", rpm:"jetty-jaas~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-cdi", rpm:"jetty-cdi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlets", rpm:"jetty-servlets~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util", rpm:"jetty-util~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-rewrite", rpm:"jetty-rewrite~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-ant", rpm:"jetty-ant~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-openid", rpm:"jetty-openid~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-start", rpm:"jetty-start~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-io", rpm:"jetty-io~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-fcgi", rpm:"jetty-fcgi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-util-ajax", rpm:"jetty-util-ajax~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-webapp", rpm:"jetty-webapp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-proxy", rpm:"jetty-proxy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-continuation", rpm:"jetty-continuation~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-server", rpm:"jetty-server~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-quickstart", rpm:"jetty-quickstart~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-annotations", rpm:"jetty-annotations~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-servlet", rpm:"jetty-servlet~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jndi", rpm:"jetty-jndi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-minimal-javadoc", rpm:"jetty-minimal-javadoc~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-plus", rpm:"jetty-plus~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http-spi", rpm:"jetty-http-spi~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-xml", rpm:"jetty-xml~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jmx", rpm:"jetty-jmx~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-http", rpm:"jetty-http~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jsp", rpm:"jetty-jsp~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-deploy", rpm:"jetty-deploy~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-client", rpm:"jetty-client~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-security", rpm:"jetty-security~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"jetty-jaas", rpm:"jetty-jaas~9.4.53~150200.3.22.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4210-1)
2023-10-27 00:00:00
Debian: Security Advisory (DSA-5507-1)
2023-09-29 00:00:00
Debian: Security Advisory (DSA-5540-1)
2023-10-31 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)
2023-10-27 00:00:00
Debian DSA-5507-1 : jetty9 - security update
2023-09-29 00:00:00
osv
osv
jetty9 - security update
2023-09-28 00:00:00
jetty9 - security update
2023-10-30 00:00:00
jetty9 - security update
2023-10-30 00:00:00
debian
debian
[SECURITY] [DSA 5507-1] jetty9 security update
2023-09-28 22:37:26
[SECURITY] [DSA 5540-1] jetty9 security update
2023-10-30 19:52:02
[SECURITY] [DLA 3641-1] jetty9 security update
2023-10-30 20:11:26
freebsd
freebsd
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
2023-10-18 00:00:00
redhat
redhat
redos
redos
ROS-20240409-12
2024-04-09 00:00:00
ROS-20240403-13
2024-04-03 00:00:00
redhatcve
redhatcve
github
github
Jetty vulnerable to errant command quoting in CGI Servlet
2023-09-14 16:16:00
Jetty's OpenId Revoked authentication allows one request
2023-09-15 13:36:10
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
prion
prion
Design/Logic Flaw
2023-09-15 19:15:00
Authentication flaw
2023-09-15 21:15:00
Integer overflow
2023-10-10 17:15:00
cve
cve
amazon
amazon
Medium: jetty
2024-01-03 21:04:00
Medium: jetty
2024-02-15 03:52:00
debiancve
debiancve
wolfi
wolfi
CVE-2023-41900 vulnerabilities
2024-05-08 21:18:58
CVE-2023-36479 vulnerabilities
2024-05-08 21:18:58
CVE-2023-40167 vulnerabilities
2024-05-08 21:18:58
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2023-10-12 05:13:43
Arbitrary Code Execution
2023-09-20 10:17:36
Weak Authentication
2023-09-20 08:38:31
alpinelinux
alpinelinux
CVE-2023-36478
2023-10-10 17:15:11
CVE-2023-44487
2023-10-10 14:15:10
atlassian
atlassian
cgr
cgr
CVE-2023-41900 vulnerabilities
2024-05-08 21:08:34
CVE-2023-36479 vulnerabilities
2024-05-08 21:08:34
CVE-2023-40167 vulnerabilities
2024-05-08 21:08:34
impervablog
impervablog
HTTP/2 Rapid Reset Mitigation With Imperva WAF
2024-01-03 14:21:45
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7
2024-03-21 08:27:20
CVE-2023-44487 affecting package skopeo for versions less than 1.12.0-4
2024-02-25 03:00:06
rocky
rocky
.NET 7.0 security update
2023-10-24 18:36:50
nghttp2 security update
2023-11-11 23:00:24
oraclelinux
oraclelinux
nghttp2 security update
2023-10-19 00:00:00
nodejs:16 security update
2023-10-20 00:00:00
nghttp2 security update
2023-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37
2023-10-24 01:13:18
[SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38
2023-10-24 01:23:49
[SECURITY] Fedora 38 Update: proxygen-2023.10.16.00-1.fc38
2023-10-24 01:23:49
cisa_kev
cisa_kev
HTTP/2 Rapid Reset Attack Vulnerability
2023-10-10 00:00:00
almalinux
almalinux
Important: tomcat security update
2023-10-19 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.72 High
EPSS
Percentile
98.0%
Related for OPENVAS:1361412562310833061