Amazon Linux 2 : jetty (ALAS-2024-2460)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2460 advisory. Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. Thi...
Debian dla-3592 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3592 advisory. Debian LTS Advisory DLA-3592-1...
Debian DSA-5507-1 : jetty9 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5507 advisory. Multiple security vulnerabilities were found in Jetty, a Java-based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been...
CVE-2023-40167
Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...
CVE-2023-40167 Jetty accepts "+" prefixed value in Content-Length
Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...
Jetty accepts "+" prefixed value in Content-Length
Impact: Jetty accepts the '+' character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smugglin...
Moderate: Red Hat Security Advisory: haproxy security update
An update for haproxy is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
CVE-2017-10868
CVE-2017-10868 affects H2O Web Server (2.2.2 and earlier). DoS can be triggered remotely by a specially crafted HTTP/1 header, impacting availability. Affected product: H2O; root cause: flaw in HTTP/1 header processing. Remediation: update to the latest version (e.g., 2.2.3 or later) as advised b...
JVN#84182676: Multiple vulnerabilities in H2O
H2O is an open source web server software. H2O contains multiple vulnerabilities listed below. A Denial-of-service (DoS) due to a flaw in processing HTTP/1 header (CWE-20) - CVE-2017-10868

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | Base Score: 5.3
CVSS...