Lucene search
K

4 matches found

OSV
OSV
added 2018/10/19 4:15 p.m.490 views

GHSA-VGG8-72F2-QM23 Critical severity vulnerability that affects org.eclipse.jetty:jetty-server

In Eclipse Jetty, versions 9.2.x and older, 9.3.x, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined...

9.8CVSS7AI score0.16154EPSS
Exploits0References17
Veracode
Veracode
added 2018/07/19 8:32 a.m.53 views

Request Smuggling

jetty is vulnerable to request smuggling. An integer overflow in the chunk length parsing causes a large chunk size to be interpreted as a smaller chunk size. As a result, the content in the chunk body is interpreted as a pipelined request which can be exploited by an attacker to bypass...

9.8CVSS9.2AI score0.16154EPSS
Exploits0References25Affected Software3
CVE
CVE
added 2018/06/26 4:0 p.m.317 views

CVE-2017-7657

CVE-2017-7657 affects Eclipse Jetty: transfer-encoding chunk size parsing could overflow an integer, causing large chunks to be treated as smaller ones and enabling a fake pipelined request that bypasses intermediary authorization. Affected versions include Jetty 9.2.x and older, 9.3.x (all confi...

9.8CVSS9.1AI score0.16154EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2017/10/27 7:29 p.m.4 views

ALPINE-CVE-2017-13089

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

8.8CVSS7AI score0.79855EPSS
Exploits3References1
Rows per page
Query Builder