2376 matches found
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition
Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IFix 1 Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of...
CLEANSTART-2026-CC73064 In Eclipse Jetty, the HTTP/1
Multiple security vulnerabilities affect the apache-zookeeper package. In Eclipse Jetty, the HTTP/1. See references for individual vulnerability details...
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...
Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.
HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...
org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables
A flaw was found in Eclipse Jetty. The JASPIAuthenticator class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly...
CVE-2026-40984
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...
EUVD-2026-35320
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...
CVE-2026-40984
CVE-2026-40984 details (from provided sources): Affects Micrometer HTTP server instrumentations across micrometer-core and micrometer-jetty variants (various versions listed in the initial entry). The vulnerability is a DoS triggered by specially crafted HTTP requests. The CVSS v3.1 base score is...
PT-2026-47643
Name of the Vulnerable Software and Affected Versions micrometer-core versions 1.16.0 through 1.16.5 micrometer-core versions 1.15.0 through 1.15.11 micrometer-core versions 1.14.0 through 1.14.15 micrometer-core versions 1.13.0 through 1.13.18 micrometer-core versions 1.9.0 through 1.9.17...
VMware Micrometer 资源管理错误漏洞
VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. There is a resource management vulnerability in VMware Micrometer; this vulnerability stems from the ability for users to submit custom HTTP requests, which may lead to denial of...
Allocation of Resources Without Limits or Throttling
Overview io.micrometer:micrometer-jetty12 is a Micrometer instrumentation for Jetty 12 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Jetty
Summary There are vulnerabilities in Jetty used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2025-11143, CVE-2026-2332. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has...
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...
RLSA-2026:20568 Important: jmc security update
JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...
jmc security update
An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...