jetty vulnerabilities and exploits
VMScore: 668
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Bec...
Eclipse Jetty 9.4.29
Eclipse Jetty 9.4.28
Eclipse Jetty 9.4.27
VMScore: 445
CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty prior to 6.1.6rc0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Mortbay Jetty Jetty
VMScore: 585
CVE-2002-1533
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote malicious users to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
Jetty Jetty 4.1.0 Rc4
1 EDB exploit
VMScore: 505
CVE-2006-2758
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote malicious users to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
Jetty Jetty 6.0
1 EDB exploit
VMScore: 445
CVE-2006-2759
jetty 6.0.x (jetty6) beta16 allows remote malicious users to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.
Jetty Jetty 6.0 Beta 16
VMScore: 505
CVE-2002-1178
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server prior to 4.1.0 allows remote malicious users to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
Jetty Jetty Http Server
1 EDB exploit
VMScore: 383
CVE-2009-3579
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote malicious users to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
Mortbay Jetty 6.1.19
Mortbay Jetty 6.1.20
VMScore: NA
CVE-2023-26048
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a...
Eclipse Jetty
1 Github repository
VMScore: 383
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20.
Mortbay Jetty
VMScore: 445
CVE-2022-2191
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Eclipse Jetty