Description<!---->A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an malicious user to request smuggling in conjunction with a server that does not close connections after 400 responses.A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an malicious user to request smuggling in conjunction with a server that does not close connections after 400 responses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eclipse jetty 12.0.0 |
||
eclipse jetty |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |