SUSE CVE-2022-2048

🗓️ 15 Feb 2023 03:33:08Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 2 Views

Jetty HTTP/2 server bug fails to clean up resources on invalid requests, causing denial of service.

Reporter	Title	Published	Views	Family All 110
IBM Security Bulletins	Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)	29 Sep 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.	22 Nov 202213:50	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities discovered in libraries used by Apache Zookeeper that is included in ITNM (CVE-2020-36518, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823)	4 Jan 202315:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server	17 May 202302:32	–	ibm
IBM Security Bulletins	Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester	17 Aug 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023	27 Jan 202306:39	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	jetty-annotations	9.4.48-1.1	jetty-annotations-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-annotations	9.4.48-150200.3.16.3	jetty-annotations-9.4.48-150200.3.16.3.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	jetty-annotations	9.4.48-150200.3.16.3	jetty-annotations-9.4.48-150200.3.16.3.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	jetty-annotations	9.4.48-150200.3.16.3	jetty-annotations-9.4.48-150200.3.16.3.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	jetty-annotations	9.4.48-150200.3.16.3	jetty-annotations-9.4.48-150200.3.16.3.noarch.rpm
OpenSUSE Tumbleweed	–	any	jetty-ant	9.4.48-1.1	jetty-ant-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-ant	9.4.48-150200.3.16.3	jetty-ant-9.4.48-150200.3.16.3.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	jetty-ant	9.4.48-150200.3.16.3	jetty-ant-9.4.48-150200.3.16.3.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	jetty-ant	9.4.48-150200.3.16.3	jetty-ant-9.4.48-150200.3.16.3.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	jetty-ant	9.4.48-150200.3.16.3	jetty-ant-9.4.48-150200.3.16.3.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2022-2048
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1201316
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-March/014085.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-March/014086.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-March/028253.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-March/028254.html

31 Mar 2026 09:00Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.01818

Jetty Http two server Invalid requests Resource cleanup Denial of service