Information Disclosure

🗓️ 26 Jun 2018 16:29:06Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 30 Views

Jetty-util and jetty-servlet vulnerable to information disclosure when handling queries with bad characters

Reporter	Title	Published	Views	Family All 52
IBM Security Bulletins	Security Bulletin: IBM Storage Protect Server is vulnerable to various attacks due to Eclipse jetty	21 Jun 202318:36	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)	7 Jul 202217:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	7 Oct 202020:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)	6 Nov 201919:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Synergy is deployed	22 Dec 202018:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Eclipse Jetty affect the IBM InfoSphere Information Server installers	16 Oct 201820:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	29 Jun 202123:59	–	ibm
IBM Security Bulletins	Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability.	3 Jan 201915:15	–	ibm

Vulners

Node

jetty9 jetty9Match9.2.26-1~bpo9+1debian

AND

jetty9 jetty9Match9.2.21-1+deb9u1debian

AND

debian debian_linuxMatch9

eclipse jetty-utilRange9.4.0.M0–9.4.10.v20180503java

eclipse jetty-utilRange9.2.2.v20140723–9.3.23.v20180228java

eclipse jetty-utilRange9.0.0.M0–9.2.1.v20140609java

eclipse jetty-serverRange9.3.4.RC1–9.3.23.v20180228java

eclipse jetty-serverRange9.4.0.M0–9.4.10.v20180503java

eclipse jetty-serverRange9.0.0.M0–9.3.4.RC0java

Source	Link
github	www.github.com/eclipse/jetty.project/issues/2560
dev	www.dev.eclipse.org/mhonarc/lists/jetty-announce/msg00123.html
securitytracker	www.securitytracker.com/id/1041194
lists	www.lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
lists	www.lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2021/05/msg00016.html
bugs	www.bugs.eclipse.org/bugs/show_bug.cgi
security	www.security.netapp.com/advisory/ntap-20181014-0001/
support	www.support.hpe.com/hpsc/doc/public/display
oracle	www.oracle.com/security-alerts/cpuoct2020.html

08 Nov 2023 00:33Current

7High risk

Vulners AI Score7

CVSS 25

CVSS 3.15.3

EPSS0.0351