Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2018-12536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynami...

5.3CVSS6.3AI score0.04328EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.51 views

K33548065: Eclipse Jetty vulnerability CVE-2018-12536

Security Advisory Description In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters ca...

5.3CVSS6.5AI score0.04328EPSS
Exploits0Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/07 5:38 p.m.37 views

Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)

Summary The 'Netcool MIb Manager GUI' use a version of the Eclipse Jetty libary that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Jetty 9.3.29. Vulnerability Details CVEID: CVE-2017-7657 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request...

9.8CVSS0.4AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/22 6:18 p.m.60 views

Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Synergy is deployed

Summary There are multiple vulnerabilities in Jasper, Version 2 Service Refresh 2 Fix Pack 2, used by Jetty 8.1.3 is affecting IBM Rational Synergy. Vulnerability Details The following are the list of vulnerabilities affecting IBM Rational Synergy: CVEID: CVE-2018-12538 DESCRIPTION: Eclipse Jetty...

9.8CVSS0.6AI score0.20985EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/22 1:46 p.m.35 views

Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability.

Summary Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...

9.8CVSS0.3AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.57 views

Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator

Summary There are multiple security vulnerabilities in Jetty that affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2017-7658 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a...

9.8CVSS0.4AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/06 7:5 p.m.49 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

Summary IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities Vulnerability Details CVEID: CVE-2017-7658 DESCRIPTION: In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two content-lengths headers,...

9.8CVSS0.8AI score0.20985EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/03 3:15 p.m.65 views

Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability.

Summary Description: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection...

9.8CVSS0.3AI score0.20985EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.67 views

Fedora 28 : jetty (2018-48b73ed393)

Update to upstream version 9.4.11. Fixes CVE-2017-7656, CVE-2017-7657, CVE-2017-7658. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

9.8CVSS6.7AI score0.20985EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/16 8:0 p.m.36 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect the IBM InfoSphere Information Server installers

Summary Vulnerabilities in Eclipse Jetty was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2017-7658 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a...

9.8CVSS0.4AI score0.20985EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2018/07/15 12:0 a.m.47 views

Fedora Update for jetty FEDORA-2018-93a507fd0f

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.20985EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/07/05 12:0 a.m.218 views

Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability - Linux

Eclipse Jetty Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS7.1AI score0.04328EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/06/27 5:29 p.m.37 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS6.8AI score0.04328EPSS
Exploits0References3
CVE
CVE
added 2018/06/27 5:0 p.m.171 views

CVE-2018-12536

CVE-2018-12536 affects Eclipse Jetty Server (9.x) when webapps use the DefaultServlet/Default Error handling. A specially crafted bad query targeting non-matching URLs can trigger java.nio.file.InvalidPathException during static file serving, and if the error handler reveals the exception message...

5.3CVSS6.9AI score0.04328EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder