51 matches found

IBM Security Bulletins
added 2025/04/01 10:36 a.m. | 28 views

Security Bulletin: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)

Summary: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2024-6763. DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes...

5.3 CVSS | 6.6 AI score | 0.00986 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/21 7:31 a.m. | 26 views

Security Bulletin: Vulnerability in jetty-http affects IBM Integrated Analytics System [CVE-2023-36478]

Summary: The jetty-http package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2023-36478. Vulnerability Details: CVEID: CVE-2023-36478. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and...

7.5 CVSS | 7 AI score | 0.03754 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/03/05 11:37 a.m. | 36 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-40167]

Summary: The jetty-http package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs, CVE-2023-40167. Vulnerability Details: CVEID: CVE-2023-40167. DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the...

5.3 CVSS | 6.2 AI score | 0.01069 EPSS
Exploits: 0 | Affected Software: 1

Veracode
added 2024/02/27 10:15 a.m. | 32 views

Denial of Service

jetty-http is vulnerable to Denial of Service (DoS). The vulnerability is due to GOAWAY frames failing to be written to the queue when there is TCP congestion within the server. An attacker can exploit idle timeout periods to leave HTTP/2 or 3 connections in the ESTABLISHED state, even when they...

7.5 CVSS | 6.7 AI score | 0.01433 EPSS
Exploits: 0 | References: 8 | Affected Software: 5

IBM Security Bulletins
added 2024/02/09 8:57 a.m. | 35 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2023-40167]

Summary: The jetty-http package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2023-40167. Vulnerability Details: CVEID: CVE-2023-40167. DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the...

5.3 CVSS | 6.2 AI score | 0.01069 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/11/21 1:24 p.m. | 29 views

Security Bulletin: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

Summary: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049). Vulnerability Details: CVEID: CVE-2023-26049. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive informatio...

5.3 CVSS | 5.4 AI score | 0.013 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/11/06 12:49 p.m. | 42 views

Security Bulletin: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26049)

Summary: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26049). Vulnerability Details: CVEID: CVE-2023-26049. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...

5.3 CVSS | 5.4 AI score | 0.013 EPSS
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2023/10/17 11:42 a.m. | 54 views

Important: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update

Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available (updates to RHBQ 2.13.8.SP3). Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

7.5 CVSS | 7 AI score | 0.99999 EPSS
Exploits: 19 | References: 5

IBM Security Bulletins
added 2023/07/31 11:8 a.m. | 44 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2023-26049]

Summary: The jetty-http-9.4.48.v20220622.jar package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2023-26049. Vulnerability Details: CVEID: CVE-2023-26049. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to...

5.3 CVSS | 4.7 AI score | 0.013 EPSS
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2023/04/05 1:34 p.m. | 112 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.11.0 release and security update

Red Hat AMQ Broker 7.11.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

9.1 CVSS | 6.7 AI score | 0.05796 EPSS
Exploits: 1 | References: 8

IBM Security Bulletins
added 2023/03/28 1:50 p.m. | 40 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-2047]

Summary: The jetty-http package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2022-2047. Vulnerability Details: CVEID: CVE-2022-2047. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

4 CVSS | 5.3 AI score | 0.00931 EPSS
Exploits: 0 | Affected Software: 1

Veracode
added 2022/07/08 4:29 a.m. | 89 views

Improper Input Validation

jetty-http is vulnerable to improper input validation. The vulnerability exists because the authority function of HttpURI.java does not properly validate the path parameter as a valid authority, allowing an attacker to parse invalid URLs such as http://localhost;/path for the hostname...

2.7 CVSS | 5.9 AI score | 0.00931 EPSS
Exploits: 0 | References: 10 | Affected Software: 2

UbuntuCve
added 2022/07/07 9:15 p.m. | 46 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources lef...

7.5 CVSS | 6.8 AI score | 0.01818 EPSS
Exploits: 0 | References: 3

Veracode
added 2021/07/16 6:32 a.m. | 42 views

Information Disclosure

jetty-http is vulnerable to information disclosure. Insecure parsing of encoded characters allows an attacker to bypass security constraints and potentially access private files within the WEB-INF directory...

5.3 CVSS | 4.6 AI score | 0.99298 EPSS
Exploits: 6 | References: 71 | Affected Software: 2

Veracode
added 2018/11/13 7:20 a.m. | 15 views

Denial Of Service (DoS)

Jetty HTTP Server is vulnerable to denial of service. HTTP requests are not properly validated, which allows for a remote attacker to cause the application to crash via a large value in the Content-Length header...

5 CVSS | 5.8 AI score | 0.01801 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2018/06/26 2:52 p.m. | 44 views

HTTP Request Smuggling

jetty-http is vulnerable to HTTP request smuggling. The application uses a parser that is too tolerant of deviations from the HTTP header specifications, allowing a malicious user to cause an HTTP request smuggling attack through the bad length parsing...

9.8 CVSS | 9 AI score | 0.20985 EPSS
Exploits: 0 | References: 26 | Affected Software: 3

RedHat Linux
added 2012/12/21 3:12 a.m. | 41 views

Moderate: Red Hat Security Advisory: Fuse MQ Enterprise 7.1.0 update

Fuse MQ Enterprise 7.1.0, which fixes one security issue, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, whi...

5.3 CVSS | 6.3 AI score | 0.05044 EPSS
Exploits: 1 | References: 4

Fedora
added 2012/03/24 12:28 a.m. | 37 views

[SECURITY] Fedora 16 Update: jetty-6.1.26-8.fc16

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

5.3 CVSS | 0.5 AI score | 0.05044 EPSS
Exploits: 1

NVD
added 2011/11/19 3:58 a.m. | 32 views

CVE-2011-4404

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to...

5 CVSS | 9.4 AI score | 0.63234 EPSS
Exploits: 7 | References: 4

Cvelist
added 2011/11/19 2:0 a.m. | 41 views

CVE-2011-4404

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to...

9.3 AI score | 0.63234 EPSS
Exploits: 7 | References: 4