Security Bulletin:Jetty URI Parser Differences and Potential Security Implications

Summary The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs...

SUSE CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

GHSA-WJPW-4J6X-6RWH org.eclipse.jetty:jetty-http has different parsing of invalid URIs

The Jetty URI parser has some key differences compared to other common parsers when evaluating invalid or unusual URIs. Specifically: Invalid Scheme | URI | Jetty | uri-js nodejs | node-urlnodejs | |---|---|---| --- | | https://vulndetector.com/path | scheme=http| scheme=https | invalid URI |...

EUVD-2025-208311

org.eclipse.jetty:jetty-http has different parsing of invalid URIs...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

Summary of CVE-2025-11143 : The Jetty HTTP URI parser has differences in handling invalid/unusual URIs, causing potential security by‑pass or leakage of implementation details when multiple components parse URIs differently. Public sources describe practical implications as differential parsing a...

Security Bulletin: The HttpURI class does insufficient validation on the authority segment of a URI, which affects IBM watsonx.data

Summary Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common...