| CVE-2016-4800 |
critical |
9.8 |
9.8 |
9y ago |
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request |
|
| CVE-2021-28165 |
high |
— |
8.0 |
5y ago |
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources |
|
| CVE-2017-9735 |
high |
7.5 |
7.5 |
9y ago |
Jetty vulnerable to exposure of sensitive information due to observable discrepancy |
|
| CVE-2015-2080 |
high |
7.5 |
7.5 |
10y ago |
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users |
|
| CVE-2026-1605 |
unknown |
— |
— |
3mo ago |
The Eclipse Jetty Server Artifact has a Gzip request memory leak |
|
| CVE-2024-13009 |
unknown |
— |
— |
1y ago |
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request |
|
| CVE-2024-8184 |
unknown |
— |
— |
2y ago |
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks |
|
| CVE-2023-26048 |
unknown |
— |
— |
3y ago |
OutOfMemoryError for large multipart without filename in Eclipse Jetty |
|
| CVE-2023-26049 |
unknown |
— |
— |
3y ago |
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies |
|
| CVE-2022-2191 |
unknown |
— |
— |
4y ago |
Jetty SslConnection does not release pooled ByteBuffers in case of errors |
|
| CVE-2006-6969 |
unknown |
— |
— |
4y ago |
Jetty Uses Predictable Session Identifiers |
|
| CVE-2021-34428 |
unknown |
— |
— |
5y ago |
SessionListener can prevent a session from being invalidated breaking logout |
|
| CVE-2020-27223 |
unknown |
— |
— |
5y ago |
DOS vulnerability for Quoted Quality CSV headers |
|
| CVE-2020-27218 |
unknown |
— |
— |
6y ago |
Buffer not correctly recycled in Gzip Request inflation |
|
| CVE-2019-17638 |
unknown |
— |
— |
6y ago |
Operation on a Resource after Expiration or Release in Jetty Server |
|
| CVE-2019-17632 |
unknown |
— |
— |
7y ago |
Unescaped exception messages in error responses in Jetty |
|
| CVE-2019-10246 |
unknown |
— |
— |
7y ago |
Information Exposure vulnerability in Eclipse Jetty |
|
| CVE-2019-10247 |
unknown |
— |
— |
7y ago |
Installation information leak in Eclipse Jetty |
|
| CVE-2019-10241 |
unknown |
— |
— |
7y ago |
Cross-site Scripting in Eclipse Jetty |
|
| CVE-2018-12545 |
unknown |
— |
— |
7y ago |
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server |
|
| CVE-2017-7658 |
unknown |
— |
— |
8y ago |
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) |
|
| CVE-2017-7656 |
unknown |
— |
— |
8y ago |
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) |
|
| CVE-2018-12536 |
unknown |
— |
— |
8y ago |
Eclipse Jetty Server generates error message containing sensitive information |
|
| CVE-2017-7657 |
unknown |
— |
— |
8y ago |
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server |
|
| CVE-2018-12538 |
unknown |
— |
— |
8y ago |
Access and integrity issue within Eclipse Jetty |
|