Search CVE reports
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...
3 affected packages
jetty8, jetty, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty8 | — | — | — | Not in release |
jetty | — | — | — | Not in release |
jetty9 | — | — | — | Not affected |
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Not affected | Vulnerable |
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The...
2 affected packages
jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty8 | — | — | Not in release | Not in release |
jetty9 | — | — | Not affected | Not affected |
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's...
2 affected packages
jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Not affected | Not affected |
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two Content-Length headers, Jetty ignored the second. When presented with a...
2 affected packages
jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Not affected | Vulnerable |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to...
2 affected packages
jetty9, jetty8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty9 | Not affected | Not affected | Not affected | Vulnerable |
jetty8 | Not in release | Not in release | Not in release | Not in release |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space...
2 affected packages
jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Not affected | Vulnerable |
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and...
2 affected packages
jetty, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | — | — | — | Not in release |
jetty9 | — | — | — | Not affected |
Some fixes available 2 of 9
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release |
jetty8 | Not in release | Not in release | Not in release | Not in release |
jetty9 | Not affected | Not affected | Not affected | Not affected |
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jetty | — | — | — | — |
jetty8 | — | — | — | — |
jetty9 | — | — | — | — |