Denial Of Service (DoS)

org.eclipse.jetty:jetty-servlets is vulnerable to Denial Of Service DoS. The vulnerability is due to unauthenticated users being able to exhaust the server's memory, leading to a crash...

Arbitrary Code Execution

Jetty-servlets is vulnerable to Arbitrary Code Execution. The vulnerability is due to insecure escaping of user input which can result in the execution of arbitrary commands. This vulnerability occurs in the CGI servlet handler through the getRuntime.exec method...

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Information Disclosure

jetty-servlets is vulnerable to information disclosure. Lack of proper handling of requests to the ConcatServlet with a doubly encoded path allows an attacker to access protected resources within the WEB-INF directory. For example, sending /concat?/%2557EB-INF/web.xml can retrieve the web.xml fil...