
9 matches found

CVE
added 2023/10/10 12:00 a.m., 5294 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

CVSS 7.5, AI score 8, EPSS 0.99999
In wild, Web

CVE
added 2023/04/18 8:30 p.m., 592 views

CVE-2023-26048

CVE-2023-26048 (Jetty) affects Jetty’s Java-based web server/servlet engine. Affected servlets using multipart support (e.g., @MultipartConfig) calling HttpServletRequest.getParameter() or getParts() may trigger an OutOfMemoryError when a client sends a multipart part with a name but no filename ...

CVSS 5.3, AI score 5.9, EPSS 0.0326

CVE
added 2023/04/18 8:35 p.m., 553 views

CVE-2023-26049

Jetty cookie parsing vulnerability: CVE-2023-26049 affects Jetty’s cookie handling, where a cookie VALUE starting with a double quote can cause the parser to read past semicolons, effectively merging multiple cookies into one. This can enable cookie smuggling (e.g., exfiltrating HttpOnly cookies li...

CVSS 5.3, AI score 5.1, EPSS 0.013

CVE
added 2022/07/07 8:45 p.m., 546 views

CVE-2022-2047

CVE-2022-2047 affects Eclipse Jetty: vulnerable in Jetty 9.4.0–9.4.46, 10.0.0–10.0.9, and 11.0.0–11.0.9. The HttpURI class misparses the authority segment of an HTTP URI, treating certain invalid inputs as a hostname, which can cause failures in a proxy scenario. Connected documents provide exact...

CVSS 4, AI score 5.2, EPSS 0.01173

CVE
added 2021/06/09 1:55 a.m., 521 views

CVE-2021-28169

CVE-2021-28169 affects Eclipse Jetty shipped with multiple versions (<= 9.4.40, <= 10.0.2,

CVSS 5.3, AI score 5.2, EPSS 0.7848
In wild, Web

CVE
added 2022/07/07 8:35 p.m., 408 views

CVE-2022-2048

CVE-2022-2048 concerns the Eclipse Jetty HTTP/2 server. The bug occurs when handling an invalid HTTP/2 request, where the error path fails to properly clean up active connections and associated resources. This can lead to a denial of service due to resource exhaustion, rendering the server unable...

CVSS 7.5, AI score 7.3, EPSS 0.0227

CVE
added 2017/06/16 9:00 p.m., 180 views

CVE-2017-9735

CVE-2017-9735 affects Jetty (Jetty 9.x family) via a timing-channel flaw in util/security/Password.java, enabling a remote attacker to infer sensitive information by measuring response times to incorrect password attempts. The issue can lead to unauthorized access and is described with a CVSS bas...

CVSS 7.5, AI score 7.3, EPSS 0.05795

CVE
added 2019/11/06 7:51 p.m., 111 views

CVE-2009-5045

CVE-2009-5045 concerns an information disclosure in the Jetty Dump Servlet. Affected software is the Jetty web server/servlet container, with the vulnerability existing in versions prior to 6.1.22. The NVD reports a CVSSv3.1 base score of 7.5 (HIGH), indicating a network-accessible issue with ...

CVSS 7.5, AI score 7.3, EPSS 0.02299

CVE
added 2019/11/06 7:57 p.m., 107 views

CVE-2009-5046

CVE-2009-5046 affects Jetty (JSP Dump and Session Dump Servlets) with XSS due to improper validation in the JSP Dump and Session Dump Servlets, observed in Jetty versions before 6.1.22. The vulnerability enables cross-site scripting that can steal cookie-based credentials when a page using the af...

CVSS 6.1, AI score 6, EPSS 0.01544