The vulnerability of the HttpURI class in Eclipse Jetty’s server container allows a attacker to perform an SSRF attack.

The vulnerability of the HttpURI class in Eclipse Jetty’s server container is related to improper syntax validation during input processing. Exploiting this vulnerability allows an attacker to perform an SSRF attack remotely...

Eclipse Jetty URI parsing of invalid authority

Summary Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common...

CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

Security Bulletin: There is a vulnerability in Eclipse Jetty used by IBM Maximo Asset Management (CVE-2022-2047)

Summary There is a vulnerability in Eclipse Jetty used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a...