Search CVE reports


Toggle filters

1 – 10 of 45 results


CVE-2024-8184

Medium priority
Needs evaluation

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-22201

Medium priority
Needs evaluation

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2023-36478

Medium priority
Needs evaluation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Ignored Needs evaluation
Show less packages

CVE-2023-41900

Medium priority
Needs evaluation

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-40167

Medium priority
Needs evaluation

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive...

1 affected package

jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-36479

Medium priority
Needs evaluation

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Ignored Needs evaluation
Show less packages

CVE-2023-26049

Medium priority
Vulnerable

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2023-26048

Medium priority
Vulnerable

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()`...

1 affected package

jetty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2022-2191

Medium priority
Needs evaluation

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-2048

Medium priority
Needs evaluation

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages