Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: CVE-2025-11143: Fixed different parsing of invalid URIs bsc1259242. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

GHSA-WJPW-4J6X-6RWH org.eclipse.jetty:jetty-http has different parsing of invalid URIs

The Jetty URI parser has some key differences compared to other common parsers when evaluating invalid or unusual URIs. Specifically: Invalid Scheme | URI | Jetty | uri-js nodejs | node-urlnodejs | |---|---|---| --- | | https://vulndetector.com/path | scheme=http| scheme=https | invalid URI |...

EUVD-2025-208311

org.eclipse.jetty:jetty-http has different parsing of invalid URIs...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

Citrix XenApp and XenDesktop XML Service Interface Code Execution

A remote code execution vulnerability has been reported in Citrix XenApp and XenDesktop server. The vulnerability is due to an error in the way the application processes invalid URIs. A remote attacker could exploit this vulnerability by sending a malicious packet to the target service. Successfu...

Code injection

Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service resource consumption via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs...

Code injection

Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service resource consumption via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs...