Lucene search
+L

189 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/06 6:13 a.m.29 views

Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-26048]

Summary The jetty-server package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-26048 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory...

5.3CVSS5.5AI score0.0326EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.6 views

PT-2024-2870 · Cdata +1 · Cdata Sync +1

Name of the Vulnerable Software and Affected Versions: CData Sync versions prior to 23.4.8843 Description: A path traversal vulnerability exists in the Java version of CData Sync when running using the embedded Jetty server. This issue is related to errors in handling relative paths to directorie...

9CVSS7.3AI score0.02885EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.7 views

PT-2024-2869 · Cdata +1 · Cdata Arc +1

Name of the Vulnerable Software and Affected Versions: CData Arc versions prior to 23.4.8839 Description: A path traversal vulnerability exists in the Java version of CData Arc when running using the embedded Jetty server. This could allow an unauthenticated remote attacker to gain access to...

9CVSS7.4AI score0.03037EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2024/02/26 7:33 p.m.73 views

CVE-2024-22201

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

7.5CVSS7.2AI score0.01433EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 5:7 p.m.7 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 5:7 p.m.4 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.6 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.4 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.5 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.5 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.5 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 2:45 p.m.4 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/12 10:38 a.m.5 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/12 10:38 a.m.4 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.6 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.5 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.68 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99999EPSS
Exploits20References34
RedHat Linux
RedHat Linux
added 2023/12/04 6:1 p.m.3 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:1 p.m.6 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:1 p.m.61 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99999EPSS
Exploits20References34
Rows per page
Query Builder