7 matches found
RHCOS 3 : OpenShift Container Platform 3.11.462 (RHSA-2021:2517)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2517 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...
jetty: buffer not correctly recycled in Gzip Request inflation
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...
openSUSE: Security Advisory for jetty-minimal (openSUSE-SU-2021:0012-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for jetty-minimal (moderate)
openSUSE Security Update: Security update for jetty-minimal Announcement ID: openSUSE-SU-2021:0012-1 Rating: moderate References: 1179727 Cross-References: CVE-2020-27218 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
SUSE-SU-2020:3922-1 Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: - jetty-minimal was upgraded to version 9.4.35.v20201120 - CVE-2020-27218: Fixed an issue where buffer not correctly recycled in Gzip Request inflation bsc1179727...
Buffer not correctly recycled in Gzip Request inflation
Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see...
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...