Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding...

Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive informatio...

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI

Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of Eclipse Jetty

Summary Due to use of Eclipse Jetty, DevOps Test Performance and Rational Performance Tester contain potential input validation, information exposure, integer overflow, memory allocation, HTTP parsing, and URI authority validation vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047...

Astra Linux - уязвимость в jetty9

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

Oracle GoldenGate for Big Data Multiple Vulnerabilities 23.x < 23.26.2.0.0 (April 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Third Party Google...

Eclipse Jetty 环境问题漏洞

Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. Eclipse Jetty has a vulnerability related to environmental issues, which stems from the HTTP/1.1 parser’s request interception vulnerability when using chunked extensions...

GHSA-GC59-R5JQ-98QW Duplicate Advisory: Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r7p8-xq5m-436c. This link is maintained to preserve external references. Original Description In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variabl...

PT-2026-31308

Name of the Vulnerable Software and Affected Versions Eclipse Jetty affected versions not specified Description Eclipse Jetty's JASPIAuthenticator class sets two ThreadLocal variables during authentication checks. Under certain conditions, the code returns early without clearing these ThreadLocal...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS), server-side request forgery (SSRF) protections, leak or corrupt request data, and security by-pass due to the use of Eclipse Jetty

Summary Eclipse Jetty in Apache Solr, and Apache ZooKeeper is used by IBM Operations Analytics - Log Analysis as Solr's HTTP endpoints and admin UI, and on Zookeeper as AdminServer HTTP interface. CVE-2024-8184, CVE-2024-6763, CVE-2024-13009, CVE-2025-11143 Vulnerability Details CVEID:CVE-2024-81...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...

Linux Distros Unpatched Vulnerability : CVE-2026-1605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding:...

Oracle Enterprise Manager Cloud Control (January 2026 CPU)

The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Jetty

Summary Vulnerabilities have been identified in Eclipse Jetty, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can rea...

Security Bulletin: Due to use of Eclipse Jetty, IBM Sterling Connect:Direct Web Services is affected by denial-of-service (DoS) attack.

Summary Eclipse Jetty is used by IBM Sterling Connect:Direct Web Services CVE-2024-8184, CVE-2024-6763. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote which can be exploited by unauthorized users to cause remote...

EUVD-2018-0645

Malware in sbrugna...

EUVD-2018-0696

Malware in sbrugna...

EUVD-2018-0567

Malware in sbrugna...

EUVD-2019-0430

Malware in sbrugna...

EUVD-2018-0544

Malware in sbrugna...