Search CVE reports


Toggle filters

1 – 10 of 18 results


CVE-2022-2191

Medium priority
Needs evaluation

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-2048

Medium priority
Needs evaluation

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-2047

Medium priority
Needs evaluation

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-34428

Low priority
Needs evaluation

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-28169

Medium priority
Needs evaluation

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-27216

Medium priority
Needs evaluation

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-17632

Low priority
Needs evaluation

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Needs evaluation
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Needs evaluation Needs evaluation Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2019-10247

Medium priority
Vulnerable

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Vulnerable
jetty8 Not in release Not in release Not in release Not in release Vulnerable
jetty9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2019-10246

Medium priority
Not affected

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not affected
jetty8 Not in release Not affected
jetty9 Not affected Not affected
Show less packages

CVE-2019-10241

Low priority
Vulnerable

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is...

3 affected packages

jetty, jetty8, jetty9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jetty Not in release Not in release Not in release Not in release Vulnerable
jetty8 Not in release Not in release Not in release Not in release Needs evaluation
jetty9 Not affected Not affected Not affected Vulnerable Not affected
Show less packages