Search CVE reports
31 – 40 of 52 results
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...
3 affected packages
jetty8, jetty9, jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| jetty | Not in release | Not in release | Not in release | Not in release |
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...
3 affected packages
jetty8, jetty, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | — | — | — | Not in release |
| jetty | — | — | — | Not in release |
| jetty9 | — | — | — | Not affected |
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release |
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable |
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | — | — | Not in release | Not in release |
| jetty9 | — | — | Not affected | Not affected |
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Not affected | Not affected | Not affected | Not affected |
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to...
2 affected packages
jetty9, jetty8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty9 | Not affected | Not affected | Not affected | Vulnerable |
| jetty8 | Not in release | Not in release | Not in release | Not in release |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable |
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and...
2 affected packages
jetty, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | — | — | — | Not in release |
| jetty9 | — | — | — | Not affected |
Some fixes available 2 of 9
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release |
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Not affected | Not affected | Not affected | Not affected |