13 matches found
K000157844: Jetty vulnerabilities CVE-2023-36478, CVE-2024-6763, CVE-2023-26049, CVE-2024-8184, and CVE-2023-41900
Security Advisory Description CVE-2023-36478 Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size...
Security Bulletin: Vulnerabilities found in Jetty may affect IBM Content Collector for SAP Applications
Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Jetty. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...
openSUSE: Security Advisory for jetty (SUSE-SU-2023:4210-1)
The remote host is missing an update for the...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.20.0 CVE-2023-22049, CVE-2023-22036 and Eclipse Jetty 10.0.17...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Browser User Interface uses Eclipse Jetty server. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested...
[SECURITY] [DSA 5507-1] jetty9 security update
Debian Security Advisory DSA-5507-1 [email protected] https://www.debian.org/security/ Markus Koschany September 28, 2023 https://www.debian.org/security/faq ...
CVE-2023-41900 vulnerabilities
Vulnerabilities for packages: cloudwatch-exporter...
DEBIAN-CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
CVE-2023-41900
CVE-2023-41900 affects Jetty: versions 9.4.21–9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication through OpenIdAuthenticator with a nested LoginService; if the LoginService revokes an already authenticated user, the session may still be treated as authenticated, potentially allowi...