Search CVE reports
CVE-2022-2191
Medium priority
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-2048
Medium priority
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-2047
Medium priority
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-34428
Low priority
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-28169
Medium priority
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27216
Medium priority
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-17632
Low priority
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Needs evaluation | Needs evaluation | Not affected | Needs evaluation | Needs evaluation |
CVE-2019-10247
Medium priority
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Vulnerable |
jetty8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
jetty9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-10246
Medium priority
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | — | — | — | Not in release | Not affected |
jetty8 | — | — | — | Not in release | Not affected |
jetty9 | — | — | — | Not affected | Not affected |
CVE-2019-10241
Low priority
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is...
3 affected packages
jetty, jetty8, jetty9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jetty | Not in release | Not in release | Not in release | Not in release | Vulnerable |
jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
jetty9 | Not affected | Not affected | Not affected | Vulnerable | Not affected |