Lucene search
+L

189 matches found

OSV
OSV
added 2025/08/20 8:15 p.m.7 views

UBUNTU-CVE-2025-5115

In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...

7.7CVSS6.7AI score0.01567EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/08/06 4:17 p.m.5 views

jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...

7.5CVSS7AI score0.00625EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/08/01 5:42 p.m.3 views

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

7.2CVSS7.1AI score0.00453EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/06/30 1:16 p.m.5 views

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

7.2CVSS7.1AI score0.00453EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 12:0 p.m.6 views

Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763, CVE-2024-8184]

Summary The jetty-server package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763, CVE-2024-8184 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web...

6.5CVSS5.7AI score0.01037EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.9 views

TencentOS Server 4: jetty (TSSA-2025:0022)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0022 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.3CVSS7.2AI score0.01069EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/30 1:15 p.m.12 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses commons-codec-1.11.jar, okio-jvm-3.0.0.jar, jetty-http-10.0.24.jar and jetty-server-10.0.24.jar which is vulnerable to CVE-2020-8908, CVE-2023-2976, CVE-2024-6763, CVE-2023-3635

Summary IBM Maximo Application Suite - IoT Component uses commons-codec-1.11.jar, okio-jvm-3.0.0.jar, jetty-http-10.0.24.jar and jetty-server-10.0.24.jar which is vulnerable to CVE-2020-8908, CVE-2023-2976, CVE-2024-6763, CVE-2023-3635. This bulletin contains information regarding the vulnerabili...

7.5CVSS6.9AI score0.01254EPSS
Exploits3Affected Software1
Veracode
Veracode
added 2025/05/14 6:28 a.m.11 views

Data Corruption

org.eclipse.jetty:jetty-server is vulnerable to Data Corruption. The vulnerability is due to improper buffer management caused by the incorrect release of a buffer when handling gzip errors during request body inflation, allows attackers to access sensitive data from other requests...

7.2CVSS6.6AI score0.00453EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/05/08 7:28 p.m.5 views

Improper Resource Shutdown or Release

Overview org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to an error in handling gzip compression in the GzipHandler. An attacker can corrupt dat...

7.2CVSS7.1AI score0.00453EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 6:15 p.m.7 views

UBUNTU-CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

7.5CVSS7.1AI score0.00625EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/10 2:14 p.m.23 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)

Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...

6.5CVSS5.8AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/01 10:37 a.m.22 views

Security Bulletin: There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)

Summary There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includ...

6.5CVSS7AI score0.01037EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2025/03/05 8:59 p.m.4 views

org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

A flaw was found in Jetty's ThreadLimitHandler.getRemote. This flaw allows unauthorized users to cause remote denial of service DoS attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory...

6.5CVSS5.8AI score0.01037EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-26049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or...

5.3CVSS6.7AI score0.013EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2018-12536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynami...

5.3CVSS6.3AI score0.04328EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2017-7658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, when presented with two...

9.8CVSS6.6AI score0.20985EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 12:28 a.m.8 views

CVE-2024-31850

A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions...

8.6CVSS7AI score0.03037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:27 a.m.6 views

CVE-2024-31849

A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application...

9.8CVSS7.4AI score0.06076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:25 a.m.7 views

CVE-2024-31851

A path traversal vulnerability exists in the Java version of CData Sync 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions...

8.6CVSS7AI score0.02885EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:20 a.m.9 views

CVE-2024-31848

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application...

9.8CVSS7.2AI score0.08151EPSS
Exploits1References1
Rows per page
Query Builder