Search CVE reports
1 – 10 of 51 results
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent...
2 affected packages
jetty, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | — | — | 
| jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | 
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
1 affected package
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | 
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can...
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | — | 
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a...
2 affected packages
jetty, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | — | 
| jetty9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | 
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
2 affected packages
jetty, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | — | 
| jetty9 | Not affected | Vulnerable | Vulnerable | Vulnerable | 
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests,...
2 affected packages
jetty, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | — | 
| jetty9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | 
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server...
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | 
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header...
1 affected package
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Ignored | 
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that...
1 affected package
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty9 | Not affected | Vulnerable | Vulnerable | Vulnerable | 
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive...
1 affected package
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| jetty9 | Not affected | Vulnerable | Vulnerable | Vulnerable |