21 matches found
Astra Linux - vulnerability in jetty9
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...
EUVD-2009-5003
Malware in sbrugna...
The vulnerability of Eclipse Jetty servlet containers, related to improper cleaning or release of resources, allows attackers to trigger a service failure.
The vulnerability of Eclipse Jetty servlet containers is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of Eclipse Jetty servlet containers is related to uncontrolled resource consumption in the ThreadLimitHandler.getRemote function. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to trigger a denial-of-service (DoS) attack.
The vulnerability of Eclipse Jetty servlet containers is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to initiate a denial-of-service attack from a remote location...
ROS-20241216-10
The Jetty servlet container vulnerability is related to the lack of control over internal resource consumption within DoSFilter. Exploitation of the vulnerability could allow an attacker acting remotely to repeatedly send crafted requests, cause an OutOfMemory error, and finally...
The vulnerability of Eclipse Jetty servlet containers, related to improper handling of quoting syntax, allows attackers to execute arbitrary code.
The vulnerability of Eclipse Jetty servlet containers relates to the creation of the command line, which contains multiple tokens instead of just one. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to limit the server’s ability to accept new connections from legitimate clients.
The vulnerability of Eclipse Jetty servlet containers relates to uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to limit the server’s ability to accept new connections from legitimate clients...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
The vulnerability of Eclipse Jetty servlet containers, related to errors in processing input data length parameters, allows attackers to execute “HTTP request hijacking” attacks.
The vulnerability of Eclipse Jetty servlet containers is related to errors in processing parameter values related to input data length. Exploiting this vulnerability can allow a malicious actor to carry out a “HTTP request hijacking” attack remotely...
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
The vulnerability of Eclipse Jetty servlet containers, related to inadequate management of system resources, allows attackers to trigger service failures.
The vulnerability of Eclipse Jetty servlet containers is related to insufficient management of system resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of Eclipse Jetty servlet containers arises from insufficient validation of input data, allowing attackers to cause failures in the proxy script.
The vulnerability of Eclipse Jetty servlet containers exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause failures in the proxy scenarios...
The vulnerability of Eclipse Jetty servlet containers, related to errors in information processing, allows attackers to gain unauthorized access to protected information.
The vulnerability of Eclipse Jetty servlet containers is related to errors in information processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Eclipse Jetty servlet containers, related to inconsistent interpretation of HTTP requests, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of Eclipse Jetty servlet containers is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of Eclipse Jetty servlet containers, related to duplicate resource operations, allows attackers to gain unauthorized access to protected information, execute arbitrary code, or cause service failures.
The vulnerability of Eclipse Jetty servlet containers is related to the duplication of resource operations. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrary code, or cause service failures...
The vulnerability of Eclipse Jetty servlet containers arises from the lack of measures taken to protect the structure of web pages, allowing attackers to carry out XSS attacks.
The vulnerability of Eclipse Jetty servlet containers exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability allows a malicious actor to perform XSS attacks by using a specially crafted URL address for the DefaultServlet or ResourceHandler...
Information Disclosure
jetty-util and jetty-servlet are vulnerable to information disclosure. When handling a query with bad characters that doesn't match the url-pattern, the application throws an InvalidPathException that shows the full path to the base resource directory of the web application...
wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Westpoint Security Advisory Title: Jetty CGIServlet Arbitrary Command Execution Risk Rating: Medium Software: Jetty Servlet Container Platforms: Win32 other platforms not tested Vendor URL: www.mortbay.org Author: Matt Moore [email protected] Date: 1st October 2002 Advisory ID: wp-02-0011.txt...