Search CVE reports
11 – 20 of 50 results
Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing...
1 affected package
jetty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
Jetty is a Java-based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()`...
1 affected package
jetty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
In Eclipse Jetty versions 10.0.0 through 10.0.9 and 11.0.0 through 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in error code paths.
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Not affected | Not affected |
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation...
1 affected package
jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty9 | Not affected | Vulnerable | Not affected | Not affected |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Vulnerable | Vulnerable |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Vulnerable | Vulnerable |
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a...
1 affected package
jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single...
2 affected packages
eclipse, jetty
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
eclipse | Not in release | Not in release | Not in release | Needs evaluation |
jetty | Not in release | Not in release | Not in release | Not in release |