Search CVE reports


Toggle filters

1 – 10 of 49 results


CVE-2024-9823

Medium priority
Vulnerable

There exists a security vulnerability in Jetty’s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests,...

2 affected packages

jetty, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release
jetty9 Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-8184

Medium priority
Needs evaluation

There exists a security vulnerability in Jetty’s ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release
Show less packages

CVE-2024-6763

Medium priority
Vulnerable

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a...

2 affected packages

jetty, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release
jetty9 Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-6762

Medium priority
Vulnerable

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

2 affected packages

jetty, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release
jetty9 Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-22201

Medium priority
Needs evaluation

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release Not in release
Show less packages

CVE-2024-13009

Medium priority
Needs evaluation

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-41900

Medium priority
Vulnerable

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty9 Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-40167

Medium priority
Vulnerable

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty9 Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-36479

Medium priority
Needs evaluation

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release Ignored
Show less packages

CVE-2023-36478

Medium priority
Needs evaluation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jetty Not in release Not in release Not in release Ignored
Show less packages