Lucene search
+L

189 matches found

RedHat Linux
RedHat Linux
added 2023/12/04 6:0 p.m.3 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:0 p.m.7 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:0 p.m.63 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99999EPSS
Exploits20References34
Tenable Nessus
Tenable Nessus
added 2023/12/04 12:0 a.m.50 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 (RHSA-2023:7637)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7637 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5CVSS7.3AI score0.99999EPSS
Exploits20References43
Tenable Nessus
Tenable Nessus
added 2023/12/04 12:0 a.m.54 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5CVSS7.3AI score0.99999EPSS
Exploits20References43
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/23 3:22 a.m.12 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

Summary IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details IBM X-Force ID: 260681 DESCRIPTION: Eclipse Jetty is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a weakly configured XML parser. By using specially...

7.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 1:18 p.m.59 views

Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

Summary There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite CVE-2023-26049 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in...

5.3CVSS5.5AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 3:12 a.m.46 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty.

Summary IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafte...

7.5CVSS8AI score0.99999EPSS
Exploits21Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/15 5:7 p.m.4 views

jetty: OpenId Revoked authentication allows one request

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

4.3CVSS7.1AI score0.00753EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/06 12:56 p.m.50 views

Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26048)

Summary There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Asset Management application CVE-2023-26048 Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

5.3CVSS6.2AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 7:41 a.m.251 views

Security Bulletin: Vulnerability in jetty-server-9.4.48.v20220622.jar affects IBM Integrated Analytics System (Sailfish) [CVE-2023-26048]

Summary The jetty-server-9.4.48.v20220622.jar package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26048. Vulnerability Details CVEID: CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused b...

5.3CVSS6.6AI score0.0326EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2023/10/10 9:28 p.m.12 views

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +705 more potentially affected by CVE-2023-44487 via org.eclipse.jetty.http2:jetty-http2-server (>=12.0.0 <=12.0.19)

org.eclipse.jetty.http2:jetty-http2-server MAVEN version =12.0.0, =5.3.1, =2.6.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.295, =0.295, =0.295, =0.295, =0.295, =0.296 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...

7.5CVSS7AI score0.99999EPSS
Exploits20
OSV
OSV
added 2023/10/10 5:15 p.m.1 views

DEBIAN-CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

7.5CVSS6.8AI score0.03754EPSS
Exploits1References1
OSV
OSV
added 2023/10/10 5:15 p.m.4 views

UBUNTU-CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

7.5CVSS6.9AI score0.03754EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.7 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.8 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/09/15 12:0 a.m.11 views

The vulnerabilities of the functions HttpServletRequest.getParameter() and HttpServletRequest.getParts() in the Eclipse Jetty server container allow a attacker to cause a service failure.

The vulnerability of the HttpServletRequest.getParameter and HttpServletRequest.getParts methods in the Eclipse Jetty server container is related to the allocation of unlimited memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

10CVSS6.7AI score0.0326EPSS
Exploits0References7Affected Software8
OSV
OSV
added 2023/09/14 4:17 p.m.2 views

GHSA-HMR7-M48G-48F6 Jetty accepts "+" prefixed value in Content-Length

Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smugglin...

5.3CVSS6.8AI score0.01069EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/09/14 9:51 a.m.5 views

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

5.3CVSS7.3AI score0.0326EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/09/14 9:51 a.m.6 views

jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
Rows per page
Query Builder