A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.

References

bugzilla.redhat.com/show_bug.cgi?id=2236341

github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c

nvd.nist.gov/vuln/detail/CVE-2023-26049

www.cve.org/CVERecord?id=CVE-2023-26049

cve 1

osv 4

ibm 37

veracode 1

nessus 12

cgr 1

ubuntucve 1

githubexploit 3

prion 1

cvelist 1

github 1

debiancve 1

wolfi 1

openvas 4

debian 2

redhat 13

oracle 2

cve

CVE-2023-26049

2023-04-18 21:15:09

osv

CVE-2023-26049

2023-04-18 21:15:09

Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies

2023-04-18 22:19:57

jetty9 - security update

2023-09-30 00:00:00

ibm

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-26049]

2023-07-31 11:08:28

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26049)

2023-11-16 20:40:24

Security Bulletin: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

2023-11-21 13:24:41

veracode

Information Disclosure

2023-04-24 04:51:24

nessus

Oracle Coherence (Jul 2023 CPU)

2023-07-24 00:00:00

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:2539-1)

2023-06-20 00:00:00

Debian DLA-3592-1 : jetty9 - LTS security update

2023-10-01 00:00:00

cgr

CVE-2023-26049 vulnerabilities

2024-05-17 15:41:37

ubuntucve

CVE-2023-26049

2023-04-18 00:00:00

githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty

2023-11-27 07:25:34

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty

2023-11-01 09:55:19

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty

2023-10-31 10:53:27

prion

Design/Logic Flaw

2023-04-18 21:15:00

cvelist

CVE-2023-26049 Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty

2023-04-18 20:35:36

github

Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies

2023-04-18 22:19:57

debiancve

CVE-2023-26049

2023-04-18 21:15:09

wolfi

CVE-2023-26049 vulnerabilities

2024-05-17 16:29:45

openvas

Eclipse Jetty Multiple Vulnerabilities (GHSA-qw69-rqj8-6qw8, GHSA-p26g-97m4-6q7c) - Linux

2023-04-21 00:00:00

Eclipse Jetty Multiple Vulnerabilities (GHSA-qw69-rqj8-6qw8, GHSA-p26g-97m4-6q7c) - Windows

2023-04-21 00:00:00

Debian: Security Advisory (DLA-3592-1)

2023-10-02 00:00:00

debian

[SECURITY] [DLA 3592-1] jetty9 security update

2023-09-30 12:36:17

[SECURITY] [DSA 5507-1] jetty9 security update

2023-09-28 22:37:26

redhat

(RHSA-2023:7637) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update

2023-12-04 17:37:49

(RHSA-2023:7641) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 security update

2023-12-04 18:00:34

(RHSA-2024:0799) Important: Red Hat Single Sign-On 7.6.7 security update on RHEL 8

2024-02-13 16:48:55

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

40.3%

JSON

Related for RH:CVE-2023-26049