9 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2023-26048
CVE-2023-26048 (Jetty) affects Jetty’s Java-based web server/servlet engine. Affected servlets using multipart support (e.g., @MultipartConfig) calling HttpServletRequest.getParameter() or getParts() may trigger an OutOfMemoryError when a client sends a multipart part with a name but no filename ...
CVE-2023-26049
Jetty cookie parsing vulnerability CVE-2023-26049 affects Jetty’s cookie handling where a cookie VALUE starting with a double quote can cause the parser to read past semicolons, effectively merging multiple cookies into one. This can enable cookie smuggling (e.g., exfiltrating HttpOnly cookies li...
CVE-2022-2047
CVE-2022-2047 affects Eclipse Jetty: vulnerable in Jetty 9.4.0–9.4.46, 10.0.0–10.0.9, and 11.0.0–11.0.9. The HttpURI class misparses the authority segment of an HTTP URI, treating certain invalid inputs as a hostname, which can cause failures in a proxy scenario. Connected documents provide exact...
CVE-2021-28169
CVE-2021-28169 affects Eclipse Jetty shipped with multiple versions (<= 9.4.40, <= 10.0.2,
CVE-2022-2048
CVE-2022-2048 concerns the Eclipse Jetty HTTP/2 server. The bug occurs when handling an invalid HTTP/2 request, where the error path fails to properly clean up active connections and associated resources. This can lead to a denial of service due to resource exhaustion, rendering the server unable...
CVE-2017-9735
CVE-2017-9735 affects Jetty (Jetty 9.x family) via a timing-channel flaw in util/security/Password.java, enabling a remote attacker to infer sensitive information by measuring response times to incorrect password attempts. The issue can lead to unauthorized access and is described with a CVSS bas...
CVE-2009-5045
CVE-2009-5045 concerns an information disclosure in the Jetty Dump Servlet. Affected software is the Jetty web server/servlet container, with the vulnerability existing in versions prior to 6.1.22. The NVD reports a CVSSv3.1 base score of 7.5 (HIGH), indicating a network-accessible issue with ...
CVE-2009-5046
CVE-2009-5046 affects Jetty's JSP Dump and Session Dump Servlets with cross-site scripting (XSS) due to improper input validation in those servlets, observed in Jetty versions before 6.1.22. The vulnerability enables cross-site scripting that can steal cookie-based credentials when a page using the af...