CVSS3: 2.7 Low
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS: 0.0005 Low
Percentile: 15.3%

jetty-http is vulnerable to improper input validation. The vulnerability exists because the authority function of HttpURI.java does not properly validate the _path parameter as a valid authority, allowing an attacker to submit invalid URLs such as http://localhost;/path that are parsed for the hostname.
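
A strict authority check of the kind an application or proxy in front of an affected server could apply before trusting a parsed hostname. This is an added example, not Jetty's code and not the upstream fix; the class and method names are hypothetical, the sample URLs other than http://localhost;/path are constructed, and the host[:port]-only policy is an assumption that is deliberately narrower than RFC 3986.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthorityCheck {
    // Assumed policy: host[:port] only. Host is a DNS-style name, an IPv4
    // literal, or a bracketed IPv6 literal. No userinfo, no ';' or other sub-delims.
    private static final String LABEL = "[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?";
    private static final Pattern HOST_PORT = Pattern.compile(
        "(?:" + LABEL + "(?:\\." + LABEL + ")*|\\[[0-9A-Fa-f:.]+\\])(?::([0-9]{1,5}))?");

    /** Raw text between "//" and the first '/', '?' or '#'; null if there is no "//". */
    static String rawAuthority(String url) {
        int start = url.indexOf("//");
        if (start < 0) return null;
        start += 2;
        int end = url.length();
        for (int i = start; i < url.length(); i++) {
            char c = url.charAt(i);
            if (c == '/' || c == '?' || c == '#') { end = i; break; }
        }
        return url.substring(start, end);
    }

    /** True only if the whole authority matches the strict host[:port] policy. */
    static boolean isValidAuthority(String authority) {
        if (authority == null || authority.isEmpty()) return false;
        Matcher m = HOST_PORT.matcher(authority);
        if (!m.matches()) return false;          // rejects "localhost;"
        String port = m.group(1);
        return port == null || Integer.parseInt(port) <= 65535;
    }

    public static void main(String[] args) {
        String[] samples = {                     // first URL is from the advisory text
            "http://localhost;/path",
            "http://localhost:8080/path",        // constructed
            "http://[::1]:8443/",                // constructed
            "http://example.com:99999/",         // constructed, port out of range
            "http://user@example.com/"           // constructed, userinfo not allowed here
        };
        for (String s : samples) {
            String a = rawAuthority(s);
            System.out.println(s + " -> authority=" + a + " valid=" + isValidAuthority(a));
        }
    }
}
```
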
github.com/eclipse/jetty.project/commit/4ca8afbbd667c19a084d5ff14a4f08eb7049d1c7
github.com/eclipse/jetty.project/commit/d1e64f469362bb9371d530cccded5ecb13fa1cb5
github.com/eclipse/jetty.project/issues/8014
github.com/eclipse/jetty.project/pull/8015
github.com/eclipse/jetty.project/pull/8146
github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
lists.debian.org/debian-lts-announce/2022/08/msg00011.html
security.netapp.com/advisory/ntap-20220901-0006/
www.debian.org/security/2022/dsa-5198