189 matches found
GHSA-26VR-8J45-3R4W Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. Workarounds The problem can be worked around by compiling the...
Information Disclosure
jetty-server is vulnerable to information disclosure. The URI normalisation in default compliance mode does not escape % encoded characters in the request metadata by common Servlet implementations, allowing access to sensitive resources within the WEB-INF directory via the use of URI with %2e or...
CVE-2020-14359
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...
Design/Logic Flaw
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...
PT-2021-9721 · Red Hat +1 · Keycloak Gatekeeper +1
Name of the Vulnerable Software and Affected Versions: Keycloak Gatekeeper versions all Description: A vulnerability was found in Keycloak Gatekeeper where an attacker can bypass the Gatekeeper by using lower case HTTP headers, for example, via cURL. This issue is particularly problematic when th...
CVE-2020-14359
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...
Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Information Disclosure
jetty-server is vulnerable to information disclosure. An HTTP 431 error occurs when large response headers are received, causing the HTTP response headers to be released to ByteBufferPool twice. This results in a double release and memory corruption and causes confidential information to be...
Authorization Bypass
jetty-server is vulnerable to authorization bypass. The vulnerability exists as a buffer corruption could occur when the response buffer is too large, allowing the header buffer to be released, but not nulled, causing the server to send incorrect responses to different clients...
jetty: error path information disclosure
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...
jetty: full server path revealed when using the default Error Handling
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...
Cross-Site Scripting (XSS)
jetty-server is vulnerable to cross-site scripting. The server response containing the default error message from stacktraces is not sanitized and escaped before being displayed, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser...
CVE-2009-5045
Dump Servlet information leak in jetty before 6.1.22...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20...
Information Disclosure
jetty-server is vulnerable to information disclosure. The error page produced from DefaultHandler reveals the base resource directory of each context in the list of contexts...
DEBIAN-CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...
UBUNTU-CVE-2018-12545
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...
CRLF Injection
Jetty Server is vulnerable to CRLF injection. A remote attacker is able to inject arbitrary HTTP headers into the server response to perform response splitting attacks via the reason string in AbstractGenerator.java...
GHSA-6X9X-8QW9-9PP6 Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Eclipse Jetty Server versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, are vulnerable to HTTP Request Smuggling when presented with two content-lengths headers, allowing authorization bypass. When presented with a content-length and a chunked...
GHSA-9RGV-H7X4-QW8G Eclipse Jetty Server generates error message containing sensitive information
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...