Search CVE reports

Toggle filters

21 – 30 of 50 results

CVE-2020-27216

Medium priority
Needs evaluation

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A...

3 affected packages

jetty9, jetty, jetty8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty9 Not affected Not affected Needs evaluation Needs evaluation
jetty Not in release Not in release Not in release Not in release
jetty8 Not in release Not in release Not in release Not in release
Show less packages

CVE-2019-17638

Medium priority
Ignored

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-17632

Low priority
Needs evaluation

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release Not in release
jetty8 Not in release Not in release Not in release Not in release
jetty9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-10247

Medium priority
Vulnerable

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...

3 affected packages

jetty8, jetty9, jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty8 Not in release Not in release Not in release Not in release
jetty9 Vulnerable Vulnerable Vulnerable Vulnerable
jetty Not in release Not in release Not in release Not in release
Show less packages

CVE-2019-10246

Medium priority
Not affected

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...

3 affected packages

jetty8, jetty, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty8 Not in release
jetty Not in release
jetty9 Not affected
Show less packages

CVE-2019-10241

Low priority
Vulnerable

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release Not in release
jetty8 Not in release Not in release Not in release Not in release
jetty9 Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2018-12545

Medium priority
Not affected

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The...

2 affected packages

jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty8 Not in release Not in release
jetty9 Not affected Not affected
Show less packages

CVE-2018-12538

Medium priority
Ignored

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and...

2 affected packages

jetty, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release
jetty9 Not affected
Show less packages

CVE-2018-12536

Low priority
Vulnerable

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's...

2 affected packages

jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty8 Not in release Not in release Not in release Not in release
jetty9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-9735

Medium priority

Some fixes available 2 of 9

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release Not in release
jetty8 Not in release Not in release Not in release Not in release
jetty9 Not affected Not affected Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON