Search CVE reports


Toggle filters

11 – 20 of 45 results


CVE-2022-2047

Medium priority
Needs evaluation

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-34429

Medium priority
Vulnerable

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty9 Vulnerable Vulnerable Not affected Not affected Needs evaluation
Show less packages

CVE-2021-34428

Low priority
Needs evaluation

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-28169

Medium priority
Needs evaluation

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-27223

Medium priority
Needs evaluation

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty9 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-27218

Medium priority
Needs evaluation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single...

2 affected packages

eclipse, jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
eclipse Not in release Not in release Not in release Needs evaluation Needs evaluation
jetty Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2020-27216

Medium priority
Needs evaluation

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-17638

Medium priority
Needs evaluation

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-17632

Low priority
Needs evaluation

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2009-5046

Medium priority
Ignored

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty
Show less packages