Lucene search
K

21 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:41 p.m.5 views

Security Bulletin:Jetty URI Parser Differences and Potential Security Implications

Summary The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs...

6.5CVSS7.2AI score0.00159EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/11 5:31 p.m.4 views

SUSE CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

3.7CVSS5.8AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/05 9:41 p.m.5 views

EUVD-2025-208311

org.eclipse.jetty:jetty-http has different parsing of invalid URIs...

3.7CVSS5.9AI score0.00159EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/05 12:36 p.m.3 views

CVE-2025-11143

A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers URIs differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 10:15 a.m.8 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS0.00159EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 10:15 a.m.8 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/05 10:15 a.m.2 views

DEBIAN-CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS7.7AI score0.00159EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 10:15 a.m.4 views

UBUNTU-CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 9:26 a.m.28 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

3.7CVSS0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:26 a.m.6 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

3.7CVSS5.9AI score0.00159EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/05 9:26 a.m.64 views

CVE-2025-11143

Summary of CVE-2025-11143 : The Jetty HTTP URI parser has differences in handling invalid/unusual URIs, causing potential security by‑pass or leakage of implementation details when multiple components parse URIs differently. Public sources describe practical implications as differential parsing a...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 9:26 a.m.4 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

3.7CVSS5.9AI score0.00159EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/05 9:26 a.m.4 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS7.2AI score0.00159EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/03/05 12:0 a.m.2 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23435

Name of the Vulnerable Software and Affected Versions Jetty affected versions not specified Description The Jetty URI parser exhibits differences in how it evaluates invalid or unusual URIs compared to other common parsers. This differential parsing of URIs, particularly in systems with multiple...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References394
OSV
OSV
added 2025/04/14 11:35 a.m.45 views

BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS5.8AI score0.01499EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/03/31 12:0 a.m.11 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/26 12:0 a.m.6 views

Medium: python3.9

Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...

6.3CVSS7.7AI score0.01499EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/02/04 12:0 a.m.18 views

Python Improper Input Validation Vulnerability (Jan 2025) - Mac OS X

Python is prone to an improper input validation vulnerability in the urllib.parse.urlsplit and urlparse standard functions. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References10
CVE
CVE
added 2025/01/31 5:51 p.m.2894 views

CVE-2025-0938

Summary (CVE-2025-0938): The issue arises in Python’s standard library URL parsing, where urllib.parse.urlsplit/urlparse accepted domain names containing square brackets, contrary to RFC 3986. This leads to differential parsing between Python’s parser and other RFC-compliant parsers. The connecte...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References11
Rows per page
Query Builder