
21 matches found

IBM Security Bulletins
added 2025/05/29 3:54 p.m., 22 views

Security Bulletin: Multiple vulnerabilities in eclipse jetty may affect IBM Business Automation Workflow Case Configuration tool

Summary: IBM Business Automation Workflow Case configuration tool packages vulnerable versions of the Eclipse Jetty open source library. Vulnerability Details: CVEID: CVE-2023-26049. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a fl...

CVSS 9.8, AI score 6.9, EPSS 0.7848
Exploits: 2, Affected Software: 2

Tenable Nessus
added 2025/03/04 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2017-7656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled...

CVSS 7.5, AI score 6.6, EPSS 0.06411
Exploits: 0, References: 3

IBM Security Bulletins
added 2024/11/18 9:41 p.m., 22 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite

Summary: Several security vulnerabilities in the IBM Security Directory Integrator and Eclipse Jetty were addressed in the IBM Security Directory Suite. Vulnerability Details: CVEID: CVE-2022-32759. DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...

CVSS 9.8, AI score 8, EPSS 0.7848
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2024/05/15 12:45 a.m., 46 views

Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator

Summary: The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details: CVEID: CVE-2017-9735. DESCRIPTION: Jetty could allow a remote attacker t...

CVSS 9.8, AI score 9, EPSS 0.7848
Exploits: 5, Affected Software: 1

F5 Networks
added 2023/02/21 6:48 p.m., 56 views

K21054458: Eclipse Jetty vulnerability CVE-2017-7656

Security Advisory Description: In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line, i.e. method space URI space version, that declares a version of HTTP/0.9...

CVSS 7.5, AI score 7.1, EPSS 0.06411
Exploits: 0, Affected Software: 14

IBM Security Bulletins
added 2022/07/07 5:38 p.m., 37 views

Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)

Summary: The 'Netcool MIb Manager GUI' uses a version of the Eclipse Jetty library that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Jetty 9.3.29. Vulnerability Details: CVEID: CVE-2017-7657. DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request...

CVSS 9.8, AI score 0.4, EPSS 0.20985
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2022/04/19 12:00 a.m., 83 views

F5 Networks BIG-IP : Eclipse Jetty vulnerability (K21054458)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K21054458 advisory. In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration wit...

CVSS 7.5, AI score 6.8, EPSS 0.06411
Exploits: 0, References: 2

IBM Security Bulletins
added 2020/12/22 6:18 p.m., 60 views

Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Synergy is deployed

Summary: Multiple vulnerabilities in Jasper, Version 2 Service Refresh 2 Fix Pack 2, used by Jetty 8.1.3, are affecting IBM Rational Synergy. Vulnerability Details: The following is the list of vulnerabilities affecting IBM Rational Synergy: CVEID: CVE-2018-12538. DESCRIPTION: Eclipse Jetty...

CVSS 9.8, AI score 0.6, EPSS 0.20985
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2020/05/22 1:46 p.m., 35 views

Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability.

Summary: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...

CVSS 9.8, AI score 0.3, EPSS 0.20985
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2020/04/29 10:15 a.m., 42 views

Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer

Summary: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...

CVSS 9.8, AI score 0.7, EPSS 0.20985
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2020/02/05 12:53 a.m., 57 views

Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator

Summary: There are multiple security vulnerabilities in Jetty that affect IBM Sterling B2B Integrator. Vulnerability Details: CVEID: CVE-2017-7658. DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a...

CVSS 9.8, AI score 0.4, EPSS 0.20985
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2019/11/06 7:05 p.m., 49 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

Summary: IBM QRadar SIEM is vulnerable to Jetty vulnerabilities. Vulnerability Details: CVEID: CVE-2017-7658. DESCRIPTION: In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two Content-Length headers,...

CVSS 9.8, AI score 0.8, EPSS 0.20985
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2019/02/12 6:40 p.m., 29 views

Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

Summary: Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Eclipse Jetty. Vulnerability Details: CVEID: CVE-2017-7658. DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sendin...

CVSS 9.8, AI score 0.3, EPSS 0.20985
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2019/01/03 3:15 p.m., 58 views

Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability.

Summary Description: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection...

CVSS 9.8, AI score 0.3, EPSS 0.20985
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2019/01/03 12:00 a.m., 67 views

Fedora 28 : jetty (2018-48b73ed393)

Update to upstream version 9.4.11. Fixes CVE-2017-7656, CVE-2017-7657, CVE-2017-7658. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 9.8, AI score 6.7, EPSS 0.20985
Exploits: 0, References: 5

IBM Security Bulletins
added 2018/10/16 8:00 p.m., 36 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect the IBM InfoSphere Information Server installers

Summary: Vulnerabilities in Eclipse Jetty were addressed by IBM InfoSphere Information Server. Vulnerability Details: CVEID: CVE-2017-7658. DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length header. By sending a...

CVSS 9.8, AI score 0.4, EPSS 0.20985
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2018/08/20 12:00 a.m., 47 views

Debian DSA-4278-1 : jetty9 - security update

Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver, which could result in HTTP request smuggling. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4278. The text itself is...

CVSS 9.8, AI score 7, EPSS 0.20985
Exploits: 0, References: 6

OpenVAS
added 2018/07/15 12:00 a.m., 47 views

Fedora Update for jetty FEDORA-2018-93a507fd0f

The remote host is missing an update for the...

CVSS 9.8, AI score 7.9, EPSS 0.20985
Exploits: 0, References: 2

Tenable Nessus
added 2018/07/13 12:00 a.m., 63 views

Fedora 27 : jetty (2018-93a507fd0f)

Update to upstream version 9.4.11. Fixes CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12538. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

CVSS 9.8, AI score 6.7, EPSS 0.20985
Exploits: 0, References: 6

CVE
added 2018/06/26 3:00 p.m., 209 views

CVE-2017-7656

CVE-2017-7656 affects Eclipse Jetty: HTTP/0.9 handling vulnerability in Jetty 9.2.x and older, 9.3.x (all configurations), and 9.4.x with RFC2616 compliance enabled. An HTTP/1 style request line declaring HTTP/0.9 could be treated as a 0.9 request, potentially enabling intermediary proxies to mi...

CVSS 7.5, AI score 8.2, EPSS 0.06411
Exploits: 0, References: 12, Affected Software: 1