Lucene search
K

27 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 7:5 a.m.8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Jetty

Summary Vulnerabilities have been identified in Eclipse Jetty, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can rea...

7.8CVSS7.5AI score0.53861EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.14 views

Amazon Linux 2 : jetty (ALAS-2025-2871)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2871 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Tenable has extracted the precedin...

7.8CVSS6.9AI score0.53861EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2021-28165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame...

7.8CVSS6.8AI score0.53861EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 12:45 a.m.46 views

Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator

Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker t...

9.8CVSS9AI score0.7848EPSS
Exploits5Affected Software1
Broadcom
Broadcom
added 2024/05/01 12:0 a.m.14 views

Statement on Jetty vulnerabilities in Brocade SANav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

9.4CVSS5.8AI score0.99298EPSS
Exploits19
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/12 9:48 p.m.42 views

Security Bulletin: A CVE-2021-28165 vulnerability in Eclipse Jetty affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary A vulnerability exists in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty is...

7.8CVSS7.3AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:57 p.m.52 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2021-28165)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty i...

7.8CVSS7.5AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 11:29 a.m.35 views

Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records

Summary IBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could...

7.5CVSS7.4AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/29 6:27 a.m.78 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

7.8CVSS7.2AI score0.99298EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/15 3:38 p.m.49 views

Security Bulletin: IBM MQ is vulnerable to an issue in Eclipse Jetty (CVE-2021-28165)

Summary An issue was identified in Eclipse Jetty that affects IBM MQ. Eclipse Jetty is used within the MQ Explorer, MQ Salesforce Bridge and MQ Blockchain Bridge components. Vulnerability Details CVEID: CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by...

7.8CVSS1.1AI score0.53861EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/04 12:0 a.m.598 views

Jetty < 9.4.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...

7.8CVSS6.6AI score0.82371EPSS
Exploits9References6
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:2 a.m.35 views

Security Bulletin: CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame.

Summary CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame. Vulnerability Details CVEID: CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a...

7.8CVSS0.4AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/14 6:24 p.m.43 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)

Summary IBM Security SOAR includes an older version of Eclipse Jetty that may be identified and exploited. Vulnerability Details CVEID: CVE-2021-28163 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the $jetty.base...

7.8CVSS0.2AI score0.7795EPSS
Exploits2
OpenVAS
OpenVAS
added 2021/07/13 12:0 a.m.38 views

openSUSE: Security Advisory for jetty-minimal (openSUSE-SU-2021:2005-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS6.7AI score0.82371EPSS
Exploits11References2
RedHat Linux
RedHat Linux
added 2021/07/12 12:12 p.m.135 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.8.2 release and security update

Red Hat AMQ Broker 7.8.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.8CVSS6.7AI score0.82371EPSS
Exploits10References11
OSV
OSV
added 2021/07/11 8:5 a.m.12 views

OPENSUSE-SU-2021:2005-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc1184367, CVE-2021-28165 - jet...

7.8CVSS5AI score0.82371EPSS
Exploits11References9
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/11 12:0 a.m.110 views

Security update for jetty-minimal (important)

openSUSE Security Update: Security update for jetty-minimal Announcement ID: openSUSE-SU-2021:2005-1 Rating: important References: 1184366 1184367 1184368 1187117 Cross-References: CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVSS scores: CVE-2021-28163 NVD : 2.7...

7.5CVSS7.6AI score0.82371EPSS
Exploits11References4
OpenVAS
OpenVAS
added 2021/06/18 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2021:2005-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.2AI score0.82371EPSS
Exploits11References2
OSV
OSV
added 2021/06/17 4:4 p.m.16 views

SUSE-SU-2021:2005-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc1184367, CVE-2021-28165 - jet...

7.8CVSS4.9AI score0.82371EPSS
Exploits11References9
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

Eclipse Jetty DoS Vulnerability (GHSA-26vr-8j45-3r4w) - Linux

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

7.8CVSS7.5AI score0.53861EPSS
Exploits1References1
Rows per page
Query Builder