5 matches found
Security Misconfiguration org.eclipse.jetty:jetty-server Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-server Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-server Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Denial Of Service (DoS)
org.eclipse.jetty is vulnerable to Denial of Service (DoS). The vulnerability arises from the library's failure to appropriately limit the size of HPACK header values. This allows an attacker to repeatedly send maliciously crafted HTTP messages, leading to an integer overflow and ultimately causing...
Weak Authentication
org.eclipse.jetty:jetty-openid is vulnerable to Weak Authentication. The vulnerability is caused by a logical programming defect in the validateRequest function in the OpenIdAuthenticator.java class which allows current requests to still proceed even when LoginService does return that the...
Denial Of Service (DoS)
org.eclipse.jetty:jetty-server is vulnerable to Denial of Service. The vulnerability exists due to a lack of multipart file upload sanitization that affects HttpServletRequest.getParameter or HttpServletRequest.getParts methods annotated with @MultipartConfig, which allows an attacker to submit ...
Insecure Session ID
org.eclipse.jetty:jetty-server has Insecure Session ID. The vulnerability exists due to SessionListener#sessionDestroyed not validating the session ID if an exception is thrown...