19 matches found
Astra Linux – Vulnerability in Jetty9
Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or perform unintended behaviors by tampering with the cookie parsing mechanism. If Jetty encounters a cookie value that starts with a double quot...
Astra Linux – Vulnerability in Jetty9
Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and becomes TCP congested may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the serve...
Astra Linux – Vulnerability in Jetty9
There exists a security vulnerability in Jetty’s DosFilter that can be exploited by unauthorized users to cause remote denial-of-service DoS attacks on servers using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.2.26 and earlier, 9.3.25 and earlier, as well as 9.4.15 and earlier, the server is vulnerable to XSS attacks if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to display a listing of directory contents...
Astra Linux – Vulnerability in Jetty9
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and earlier, 9.3.26 and earlier, and 9.4.16 and earlier, the server running on any operating system and Jetty version combination will display a 404 error in the output, indicating that no Context matching the requested path was found. The default server...
Astra Linux – Vulnerability in Jetty9
Jetty is a Java-based web server and servlet engine. In affected versions, servlets that support multipart requests e.g., annotated with @MultipartConfig and call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause an OutOfMemoryError when the client sends a multipart request...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0alpha0 to 10.0.0.beta2, and 11.0.0alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, then if an attacker can send a request with a body that ...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...
Astra Linux – Vulnerabilities in nghttp2, jetty9, netty, tomcat9
The HTTP/2 protocol allows for a denial of service server resource consumption, as request cancellation can quickly reset many streams, as exploited in practice from August to October 2023...
[SECURITY] [DSA 6005-1] jetty9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2025 https://www.debian.org/security/faq -...
DSA-6005-1 jetty9 - security update
Bulletin has no description...
Debian dsa-6005 : jetty9 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6005 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/...
Debian dla-4299 : jetty9 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4299 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4299-1 [email protected] https://www.debian.org/lts/security/...
SUSE CVE-2018-12536
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...
PT-2021-7304 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.32 through 9.4.38 Eclipse Jetty versions 10.0.0.beta2 through 10.0.1 Eclipse Jetty versions 11.0.0.beta2 through 11.0.1 Description: The issue is related to the webapps directory in Eclipse Jetty being a symlink,...
UBUNTU-CVE-2018-12545
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...
GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
org.apache.cxf.fediz:apache-fediz (>=1.3.0 <=1.3.1) potentially affected by CVE-2017-7661 via org.apache.cxf.fediz:fediz-jetty9 (>=1.3.0 <=1.3.1)
org.apache.cxf.fediz:fediz-jetty9 MAVEN version =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2017-7661 Source advisory: OSV:GHSA-WHW7-H25V-9QVX...