Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control
Apache ActiveMQ 6.x contains an unauthenticated API web context caused by a default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers; exploitation requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....
Eclipse Jetty ConcatServlet - Information Disclosure
Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...
CData Sync < 23.4.8843 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...
CData Arc < 23.4.8839 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...
Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. id: CVE-2015-2080 info: name: Eclipse Jetty 9.2.9.v20150224 - Sensitive Information Leakage author: pikpikcu severity: high description: Eclip...
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding...
Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to SOLR and its dependencies (such as Jetty) affecting ODM-9.0.0 and older versions
Summary This Security bulletin addresses vulnerabilities in Apache Solr and its dependencies including Eclipse Jetty that might affect IBM Operational Decision Manager version 9.0.0 and older versions. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is...
ROOT-APP-MAVEN-CVE-2025-5115 CVE-2025-5115 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2025-5115 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-1948 CVE-2025-1948 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2025-1948 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-2332 CVE-2026-2332 in io.root.org.eclipse.jetty:jetty-http - Patched by Root
Root has patched CVE-2026-2332 in the io.root.org.eclipse.jetty:jetty-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-1605 CVE-2026-1605 in io.root.org.eclipse.jetty:jetty-server - Patched by Root
Root has patched CVE-2026-1605 in the io.root.org.eclipse.jetty:jetty-server package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-5795 CVE-2026-5795 in io.root.org.eclipse.jetty.ee10:jetty-ee10-jaspi - Patched by Root
Root has patched CVE-2026-5795 in the io.root.org.eclipse.jetty.ee10:jetty-ee10-jaspi package for Root:Maven. Multiple fixed versions available...
Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution
Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...
ROOT-APP-MAVEN-CVE-2024-22201 CVE-2024-22201 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2024-22201 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-8184 CVE-2024-8184 in io.root.org.eclipse.jetty:jetty-server - Patched by Root
Root has patched CVE-2024-8184 in the io.root.org.eclipse.jetty:jetty-server package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-11143 CVE-2025-11143 in io.root.org.eclipse.jetty:jetty-http - Patched by Root
Root has patched CVE-2025-11143 in the io.root.org.eclipse.jetty:jetty-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-6763 CVE-2024-6763 in io.root.org.eclipse.jetty:jetty-http - Patched by Root
Root has patched CVE-2024-6763 in the io.root.org.eclipse.jetty:jetty-http package for Root:Maven. Multiple fixed versions available...
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive informatio...
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605
Summary Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605. CVE-2026-1605 is a high-severity vulnerability in the Eclipse Jetty web server caused by improper resource management in the GzipHandler component. IBM Engineering Systems Design Rhapsody has resolve...