Lucene search
+L

189 matches found

vulnersOsv
vulnersOsv
added 2018/10/17 3:44 p.m.11 views

biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4) +632 more potentially affected by CVE-2016-4434 via org.apache.tika:tika-core (>=0.4 <=1.12)

org.apache.tika:tika-core MAVEN version =0.4, =4.2.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-4434 Source advisory: OSV:GHSA-4XR4-4C65-HJ7F...

7.8CVSS7.2AI score0.03449EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/07/05 12:0 a.m.298 views

Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability - Windows

Eclipse Jetty Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

9.8CVSS9.5AI score0.20985EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/07/05 12:0 a.m.218 views

Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability - Linux

Eclipse Jetty Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS7.1AI score0.04328EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/07/05 12:0 a.m.1209 views

Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability - Linux

Eclipse Jetty Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

9.8CVSS9.5AI score0.20985EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/04 12:0 a.m.5 views

Eclipse Jetty Server Information Disclosure Vulnerability

Eclipse Jetty Server is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . An information disclosure vulnerability exists in Eclipse Jetty Server version 9.x that stems from an error response with an InvalidPathException message containing sensitive...

5.3CVSS5.7AI score0.04328EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/28 12:0 a.m.4 views

Unspecified Vulnerability in Eclipse Jetty

Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A security vulnerability exists in Eclipse Jetty that stems from the program's failure to properly handle the HTTP/0.9 version of the protocol. An attacker could exploit the vulnerabilit...

7.5CVSS6.3AI score0.06239EPSS
Exploits0References1
NVD
NVD
added 2018/06/27 5:29 p.m.34 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS7.1AI score0.04328EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2018/06/27 5:29 p.m.37 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS6.8AI score0.04328EPSS
Exploits0References3
OSV
OSV
added 2018/06/27 5:29 p.m.7 views

UBUNTU-CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS6.7AI score0.04328EPSS
Exploits0References4
OSV
OSV
added 2018/06/27 5:29 p.m.42 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS7AI score
Exploits0References8
OSV
OSV
added 2018/06/27 5:29 p.m.3 views

DEBIAN-CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS6.3AI score0.04328EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/06/27 5:0 p.m.47 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS5.8AI score0.04328EPSS
Exploits0
Cvelist
Cvelist
added 2018/06/27 5:0 p.m.36 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

6.5AI score0.04328EPSS
Exploits0References8
CVE
CVE
added 2018/06/27 5:0 p.m.173 views

CVE-2018-12536

CVE-2018-12536 affects Eclipse Jetty Server (9.x) when webapps use the DefaultServlet/Default Error handling. A specially crafted bad query targeting non-matching URLs can trigger java.nio.file.InvalidPathException during static file serving, and if the error handler reveals the exception message...

5.3CVSS6.9AI score0.04328EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2018/06/27 8:49 a.m.66 views

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

9.8CVSS2.8AI score0.20985EPSS
Exploits0References2
Prion
Prion
added 2018/06/26 5:29 p.m.32 views

Authorization

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

7.5CVSS9.2AI score0.20985EPSS
Exploits0References17Affected Software8
OSV
OSV
added 2018/06/26 5:29 p.m.4 views

UBUNTU-CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

9.8CVSS6.8AI score0.20985EPSS
Exploits0References3
Veracode
Veracode
added 2018/06/26 5:12 p.m.26 views

Session Hijacking

jetty-server is vulnerable to session hijacking. A malicious user can pass a Session ID to the application to hijack and manipulate other Http sessions on the system. Examples of such a session ID include a session ID with a single byte value, a blank session ID and a partial Session ID...

8.8CVSS8.2AI score0.02689EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2018/06/26 5:0 p.m.44 views

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

9.8CVSS6.5AI score0.20985EPSS
Exploits0
Cvelist
Cvelist
added 2018/06/26 5:0 p.m.34 views

CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was...

9.4AI score0.20985EPSS
Exploits0References17
Rows per page
Query Builder