29 matches found
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive informatio...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).
Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...
EUVD-2019-0430
Malware in sbrugna...
EUVD-2018-0696
Malware in sbrugna...
EUVD-2020-1455
Malware in sbrugna...
EUVD-2019-0383
Malware in sbrugna...
EUVD-2024-3114
Malicious code in bioql PyPI...
EUVD-2022-6317
Malicious code in bioql PyPI...
EUVD-2024-3062
Malicious code in bioql PyPI...
ROS-20250630-04
The Eclipse Jetty servlet container vulnerability is related to a bug in GzipHandler when handling certain URL paths. Exploitation of the vulnerability could allow an attacker to bypass the enforced security restrictions...
Eclipse Jetty Information Disclosure Vulnerability (GHSA-q4rv-gq96-w7c5) - Windows
Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...
Eclipse Jetty Information Disclosure Vulnerability (GHSA-q4rv-gq96-w7c5) - Linux
Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...
CVE-2024-13009
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-9823)
Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to a denial-of-service attack due to issues with OutOfMemory errors related to DosFilter. Vulnerability Details CVEID: CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty's DosFilter which can be...
Security Bulletin: Vulnerabilities in Eclipse Jetty affect IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerabilities in Eclipse Jetty have been identified that affect IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerabilities have been addressed. Refer to details for additional information...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities in IBM® Semeru Java™ and Eclipse Jetty
Summary There are vulnerabilities in IBM® Semeru Java™ and Eclipse Jetty used by IBM Cognos Command Center. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Comman...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Eclipse Jetty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-8184 DESCRIPTION: Eclipse Jetty is...
Security Bulletin: Vulnerability with Eclipse Jetty, e2fsprogs, dnsjava, Apache Commons IO, Apache HTTP Server and Java SE affect IBM Cloud Object Storage Systems (Dec 2024)
Summary Vulnerability with Eclipse Jetty CVE-2024-9823, CVE-2024-6763, CVE-2024-8184, e2fsprogs CVE-2022-1304, dnsjava CVE-2024-25638, Apache Commons IO CVE-2024-47554, Apache HTTP Server CVE-2024-40725 and Java SE CVE-2024-21217, CVE-2024-21235, CVE-2024-21210. This vulnerability has been address...
Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions
Summary Eclipse Jetty is used within IBM App Connect Professional. Vulnerability Details CVEID: CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...