Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Jetty9

Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or perform unintended behaviors by tampering with the cookie parsing mechanism. If Jetty encounters a cookie value that starts with a double quot...

5.3CVSS6.5AI score0.013EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Jetty9

Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and becomes TCP congested may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the serve...

7.5CVSS6.6AI score0.01433EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Jetty9

There exists a security vulnerability in Jetty’s DosFilter that can be exploited by unauthorized users to cause remote denial-of-service DoS attacks on servers using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory...

7.5CVSS6.4AI score0.00946EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.2.26 and earlier, 9.3.25 and earlier, as well as 9.4.15 and earlier, the server is vulnerable to XSS attacks if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to display a listing of directory contents...

6.1CVSS6.8AI score0.09591EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Jetty9

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory...

6.5CVSS6.3AI score0.00949EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and earlier, 9.3.26 and earlier, and 9.4.16 and earlier, the server running on any operating system and Jetty version combination will display a 404 error in the output, indicating that no Context matching the requested path was found. The default server...

5.3CVSS6.7AI score0.05782EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Jetty9

Jetty is a Java-based web server and servlet engine. In affected versions, servlets that support multipart requests e.g., annotated with @MultipartConfig and call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause an OutOfMemoryError when the client sends a multipart request...

5.3CVSS6.5AI score0.0326EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0alpha0 to 10.0.0.beta2, and 11.0.0alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, then if an attacker can send a request with a body that ...

5.8CVSS6.5AI score0.08113EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...

7.2CVSS6.7AI score0.00432EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in nghttp2, jetty9, netty, tomcat9

The HTTP/2 protocol allows for a denial of service server resource consumption, as request cancellation can quickly reset many streams, as exploited in practice from August to October 2023...

7.5CVSS7AI score0.99999EPSS
Exploits19References2
Debian
Debian
added 2025/09/19 6:34 p.m.6 views

[SECURITY] [DSA 6005-1] jetty9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2025 https://www.debian.org/security/faq -...

7.7CVSS6.8AI score0.01567EPSS
Exploits0
OSV
OSV
added 2025/09/19 12:0 a.m.4 views

DSA-6005-1 jetty9 - security update

Bulletin has no description...

7.7CVSS7AI score0.01567EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/19 12:0 a.m.5 views

Debian dsa-6005 : jetty9 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6005 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/...

7.7CVSS7AI score0.01567EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/14 12:0 a.m.4 views

Debian dla-4299 : jetty9 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4299 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4299-1 [email protected] https://www.debian.org/lts/security/...

7.7CVSS7AI score0.01567EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/04/18 11:27 p.m.4 views

SUSE CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS8.3AI score0.04328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/04/01 12:0 a.m.8 views

PT-2021-7304 · Eclipse +2 · Eclipse Jetty +2

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.32 through 9.4.38 Eclipse Jetty versions 10.0.0.beta2 through 10.0.1 Eclipse Jetty versions 11.0.0.beta2 through 11.0.1 Description: The issue is related to the webapps directory in Eclipse Jetty being a symlink,...

7.8CVSS6AI score0.82371EPSS
Exploits11References102
OSV
OSV
added 2019/03/27 8:29 p.m.5 views

UBUNTU-CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

7.5CVSS6.7AI score0.05082EPSS
Exploits0References3
OSV
OSV
added 2018/10/18 4:56 p.m.1 views

GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS7.1AI score0.1073EPSS
Exploits0References12
vulnersOsv
vulnersOsv
added 2018/10/18 4:56 p.m.6 views

org.apache.cxf.fediz:apache-fediz (>=1.3.0 <=1.3.1) potentially affected by CVE-2017-7661 via org.apache.cxf.fediz:fediz-jetty9 (>=1.3.0 <=1.3.1)

org.apache.cxf.fediz:fediz-jetty9 MAVEN version =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2017-7661 Source advisory: OSV:GHSA-WHW7-H25V-9QVX...

8.8CVSS7.2AI score0.01104EPSS
Exploits0
Rows per page
Query Builder