3 matches found
de.gedoplan:baselibs-wildfly (=36.0.1_02), org.eclipse.jetty.documentation:code-examples (>=10.0.22 <=11.0.25) +18 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron-http-oidc (>=2.3.0.Final <=2.6.1.Final)
org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =2.3.0.Final, =10.0.22, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =26.0.0, =26.0.0, =26.0.0, =2.3.0.Final, =2.6.10.Final - org.wildfly.transaction:wildfly-transaction-client =3.0.5.Final and more Source cves: CVE-2024-12369 Sour...
Medium: jetty
Issue Overview: For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...
MGASA-2017-0277 Updated jetty packages fix security vulnerability
Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords CVE-2017-9735...