Lucene search
K

189 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/31 10:47 a.m.29 views

Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-26048]

Summary The jetty-server-9.4.48.v20220622.jar package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-26048. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused...

5.3CVSS5.6AI score0.0326EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2023/04/24 4:51 a.m.92 views

Information Disclosure

jetty-server is vulnerable to Information Disclosure. The vulnerability exists because the cookie parsing of quoted values can exfiltrate values from other cookies because the cookie VALUE that starts with " double quote will continue to read the cookie string until it sees a closing quote even i...

5.3CVSS5.3AI score0.013EPSS
Exploits0References10Affected Software3
SUSE CVE
SUSE CVE
added 2023/04/20 2:6 a.m.5 views

SUSE CVE-2023-26048

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...

5.3CVSS7.4AI score0.0326EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/04/18 11:27 p.m.4 views

SUSE CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS8.3AI score0.04328EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.2 views

Eclipse Jetty 信息泄露漏洞

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. An information disclosure vulnerability exists in Eclipse Jetty that stems from non-standard cookie parsing that could allow an attacker to smuggle cookies in other cookies or perform...

5.3CVSS6.8AI score0.013EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.12 views

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS7.1AI score0.0227EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.51 views

K33548065: Eclipse Jetty vulnerability CVE-2018-12536

Security Advisory Description In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters ca...

5.3CVSS6.5AI score0.04328EPSS
Exploits0Affected Software14
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

9.8CVSS7.7AI score0.20985EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.5 views

SUSE CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS8.2AI score0.05782EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/01/17 11:47 a.m.5 views

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS7.1AI score0.0227EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/01/17 11:47 a.m.5 views

jetty-server: Improper release of ByteBuffers in SslConnections

A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server...

7.5CVSS7.1AI score0.02036EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.6 views

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS7.1AI score0.0227EPSS
Exploits0References5
OSV
OSV
added 2022/12/24 11:4 a.m.3 views

OESA-2022-2149 jetty security update

%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...

6.1CVSS6.5AI score0.09591EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/10/27 6:13 p.m.3 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3CVSS6.9AI score0.7848EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/10 9:24 a.m.16 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty.

Summary Summary: There are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details IBM X-Force ID: 230016 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some o...

7.3AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2022/08/09 3:37 p.m.44 views

CVE-2022-2191

A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server...

7.5CVSS3.7AI score0.02036EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/07/07 9:15 p.m.2 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...

7.5CVSS6.8AI score0.0227EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/07/07 9:15 p.m.2 views

DEBIAN-CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...

7.5CVSS7.9AI score0.0227EPSS
Exploits0References1
OSV
OSV
added 2022/07/07 8:55 p.m.1 views

GHSA-WGMR-MF83-7X4J Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description Invalid HTTP/2 requests for example, invalid URIs are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying ...

7.5CVSS6.8AI score0.0227EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/21 8:15 p.m.40 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

Summary There are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in t...

7.8CVSS0.4AI score0.99298EPSS
Exploits16Affected Software1
Rows per page
Query Builder