28 matches found
TencentOS Server 4: jetty (TSSA-2025:0022)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0022 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2023-36479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have th...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
Security Bulletin: Vulnerabilities found in Jetty may affect IBM Content Collector for SAP Applications
Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Jetty. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially...
Security Bulletin: Potential vulnerability in Eclipse Jetty used by Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-36479)
Summary Eclipse Jetty in Apache Solr could provide weaker than expected security. This has been addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...
openSUSE: Security Advisory for jetty (SUSE-SU-2023:4210-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: Satellite 6.14.2 Async Security Update
Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 and Eclipse Jetty used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.20.0 CVE-2023-22049, CVE-2023-22036 and Eclipse Jetty 10.0.17...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Browser User Interface uses Eclipse Jetty server. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4210-1 advisory. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15,...
Debian: Security Advisory (DLA-3592-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3592 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3592 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3592-1 [email protected]...
Debian DSA-5507-1 : jetty9 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5507 advisory. Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been...
[SECURITY] [DSA 5507-1] jetty9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5507-1 [email protected] https://www.debian.org/security/ Markus Koschany September 28, 2023 https://www.debian.org/security/faq -...
CVE-2023-36479
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...