4 matches found
[SECURITY] [DSA 5507-1] jetty9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5507-1 [email protected] https://www.debian.org/security/ Markus Koschany September 28, 2023 https://www.debian.org/security/faq -...
CVE-2023-26048
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
SUSE SLED15: jetty-annotations / jetty-ant / jetty-cdi / jetty-client / etc (SUSE-SU-2023:2539-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2539-1 advisory. Updated to version 9.4.51.v20230217: - CVE-2023-26048: Fixed an excessive memory consumption whe...
CVE-2023-26048
CVE-2023-26048 (Jetty) affects Jetty’s Java-based web server/servlet engine. Affected servlets using multipart support (e.g., @MultipartConfig) calling HttpServletRequest.getParameter() or getParts() may trigger an OutOfMemoryError when a client sends a multipart part with a name but no filename ...