Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper validation due to Eclipse Jetty.

Summary Eclipse Jetty is used by IBM Cloud Pak for Data System CPDS as part of its web server infrastructure. CVE-2024-6763 affects Eclipse Jetty's HttpURI class, which performs insufficient validation on the authority segment of a URI. This could potentially lead to open redirect attacks or...

Linux Distros Unpatched Vulnerability : CVE-2024-6763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpU...

SUSE CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario...