17 matches found
Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control
Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers; exploitation requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....
EUVD-2018-0645
Malware in sbrugna...
EUVD-2024-3125
Malicious code in bioql PyPI...
EUVD-2024-3044
Malicious code in bioql PyPI...
CVE-2024-13009
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...
Linux Distros Unpatched Vulnerability : CVE-2023-40167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the...
Medium: jetty
Issue Overview: There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the...
OESA-2023-1032 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
Security Bulletin: Potential Denial of Service (DoS) security vulnerability in IBM Sterling Secure Proxy
Abstract Potential Denial of Service DoS security vulnerability in IBM Sterling Secure Proxy due to a Java HashTable security vulnerability in Jetty CVE-2011-4461. Content SUMMARY: Potential Denial of Service DoS security vulnerability in IBM Sterling Secure Proxy due to a Java HashTable security...
Jetty < 9.4.33 Local Temp Directory Hijacking
The version of Jetty installed on the remote host suffers from a potential race condition when creating temporary sub directories. If a co-located attacker wins the race, then they will have read/write privilege to the subdirectory used to unpack web applications, potentially leading to a local...
Jetty 9.4.x < 9.4.35 Information Disclosure
The version of Jetty installed on the remote host suffers from a flaw where the buffer is not correctly recycled in Gzip request inflation. This may permit an attacker to inject data into the body of the subsequent request. Note that the scanner has not tested for this issue but has instead relied...
Jetty 9.4.21 < 9.4.24 Cross-Site Scripting
The version of Jetty installed on the remote host when generating default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output. Note that the scanner has not tested for this issue but has instead relied...
OESA-2021-1263 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike...
OESA-2021-1249 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separat...
OESA-2021-1052 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
Jetty directory traversal
Directory traversal on CGI applications access...
Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS
According to its banner, the remote host is running a version of Jetty that is older than 4.2.19. The version is vulnerable to an unspecified denial of service. Sarju Bhagat GPLv2 Changes by Tenable: - added CVE xrefs. - revised plugin title, changed family 6/17/09 include"compat.inc"; if...