Package impact

java Maven / org.eclipse.jetty:jetty-server

CVE Severity CVSS Risk Published Description Impact
CVE-2016-4800 critical 9.8 9.8 9y ago The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints … debian java
CVE-2021-28165 high 8.0 5y ago In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. arch suse debian java
CVE-2017-9735 high 7.5 7.5 9y ago Jetty vulnerable to exposure of sensitive information due to observable discrepancy debian java
CVE-2015-2080 high 7.5 7.5 10y ago Jetty vulnerable to exposure of sensitive information to unauthenticated remote users fedora java
CVE-2011-4461 medium 5.3 5.3 15y ago Improper Input Validation in Jetty java
CVE-2026-1605 unknown 3mo ago The Eclipse Jetty Server Artifact has a Gzip request memory leak debian java
CVE-2024-13009 unknown 1y ago **UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request suse debian java
CVE-2024-8184 unknown 2y ago There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending cra… debian suse java
CVE-2023-26048 unknown 3y ago OutOfMemoryError for large multipart without filename in Eclipse Jetty suse debian java
CVE-2023-26049 unknown 3y ago Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tam… suse debian java
CVE-2022-2191 unknown 4y ago In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. suse debian java
CVE-2006-6969 unknown 4y ago Jetty Uses Predictable Session Identifiers suse java
CVE-2021-34428 unknown 5y ago For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID mana… suse debian java
CVE-2020-27223 unknown 5y ago In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) paramete… suse debian java
CVE-2020-27218 unknown 6y ago In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients… suse debian java
CVE-2019-17638 unknown 6y ago Operation on a Resource after Expiration or Release in Jetty Server debian java
CVE-2019-17632 unknown 7y ago In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escap… debian java
CVE-2019-10246 unknown 7y ago Information Exposure vulnerability in Eclipse Jetty debian java
CVE-2019-10247 unknown 7y ago Installation information leak in Eclipse Jetty debian java
CVE-2019-10241 unknown 7y ago In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServ… debian java
CVE-2018-12545 unknown 7y ago In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many sm… debian java
CVE-2017-7658 unknown 8y ago In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the… debian java
CVE-2017-7656 unknown 8y ago In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line… debian java
CVE-2018-12536 unknown 8y ago In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handle… debian java
CVE-2017-7657 unknown 8y ago Critical severity vulnerability that affects org.eclipse.jetty:jetty-server debian java
CVE-2018-12538 unknown 8y ago In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access… debian java