Search CVE reports
21 – 30 of 51 results
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single...
2 affected packages
eclipse, jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| eclipse | Not in release | Not in release | Not in release | Needs evaluation |
| jetty | Not in release | Not in release | Not in release | Not in release |
In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2, on Unix-like systems, the system's temporary directory is shared between all users on that system. A...
3 affected packages
jetty9, jetty, jetty8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty9 | Not affected | Not affected | Needs evaluation | Needs evaluation |
| jetty | Not in release | Not in release | Not in release | Not in release |
| jetty8 | Not in release | Not in release | Not in release | Not in release |
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers...
1 affected package
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty9 | Not affected | Not affected | Not affected | Not affected |
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release |
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references...
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | — | — | — | — |
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | — | — | — | — |
Dump Servlet information leak in jetty before 6.1.22.
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | — | — | — | — |
WebApp JSP Snoop page XSS in jetty through 6.1.21.
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | — | — | — | — |
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20.
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty | — | — | — | — |
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...
3 affected packages
jetty8, jetty9, jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release |
| jetty9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| jetty | Not in release | Not in release | Not in release | Not in release |