Jetty Security Vulnerabilities and Issues — Jetty CVE List

Lucene search

EclipseJetty

5 matches found

CVE•added 2024/10/14 4:15 p.m.•251 views

CVE-2024-8184

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

6.5CVSS6AI score0.00304EPSS

CVE•added 2019/04/22 8:29 p.m.•180 views

CVE-2019-10241

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

6.1CVSS6.1AI score0.10588EPSS

CVE•added 2019/11/25 10:15 p.m.•107 views

CVE-2019-17632

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.

6.1CVSS6.2AI score0.01455EPSS

CVE•added 2019/11/06 8:15 p.m.•90 views

CVE-2009-5046

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

6.1CVSS6AI score0.0124EPSS

CVE•added 2024/10/14 4:15 p.m.•71 views

CVE-2024-6762

Jetty PushSessionCacheFilter can be exploited by unauthenticated usersto launch remote DoS attacks by exhausting the server’s memory.

6.5CVSS4.3AI score0.00857EPSS