Vulmon
jetty vulnerabilities and exploits
685
VMScore
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin prior to 1.12.24 for WordPress allows CSV injection.
Web-dorado Form Maker
1 EDB exploit
685
VMScore
CVE-2018-10063
The Convert Forms extension prior to 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
Convert Forms Project Convert Forms
1 EDB exploit
445
VMScore
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the norm...
Grails Resources
446
VMScore
CVE-2017-9735
Jetty up to and including 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote malicious users to obtain access by observing elapsed times before rejection of incorrect passwords.
Eclipse Jetty
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Retail Xstore Point Of Service 16.0
Oracle Enterprise Manager Base Platform 13.3
Oracle Enterprise Manager Base Platform 13.2
Oracle Retail Xstore Point Of Service 17.0
Oracle Rest Data Services 12.2.0.1
Oracle Rest Data Services 12.1.0.2
Oracle Rest Data Services 11.2.0.4
Oracle Rest Data Services 18c
Oracle Communications Cloud Native Core Policy 1.5.0
605
VMScore
CVE-2017-7661
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz before 1.4.0, 1.3.2 and ...
Apache Cxf Fediz
Apache Cxf Fediz 1.3.2
Apache Cxf Fediz 1.2.4
668
VMScore
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x prior to 9.3.9 on Windows allows remote malicious users to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Eclipse Jetty 9.3.7
Eclipse Jetty 9.3.4
Eclipse Jetty 9.3.5
Eclipse Jetty 9.3.6
Eclipse Jetty 9.3.1
Eclipse Jetty 9.3.2
Eclipse Jetty 9.3.0
Eclipse Jetty 9.3.8
Eclipse Jetty 9.3.3
1 Github repository
505
VMScore
CVE-2015-2080
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote malicious users to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Fedoraproject Fedora 22
Eclipse Jetty 9.3.0
Eclipse Jetty 9.2.3
Eclipse Jetty 9.2.8
Eclipse Jetty 9.2.5
Eclipse Jetty 9.2.4
Eclipse Jetty 9.2.7
Eclipse Jetty 9.2.6
1 EDB exploit
446
VMScore
CVE-2011-4461
Jetty 8.1.0.RC2 and previous versions compute hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many crafted parameters.
Oracle Sun Storage Common Array Manager 6.9.0
Mortbay Jetty 7.0.0
Mortbay Jetty 6.1.16
Mortbay Jetty 6.1.15
Mortbay Jetty 6.1.11
Mortbay Jetty 6.1.12
Mortbay Jetty 6.1.4
Mortbay Jetty 6.1.2
Mortbay Jetty 6.1.1
Mortbay Jetty 6.1.0
Mortbay Jetty 6.0.0
Mortbay Jetty 5.1.14
Mortbay Jetty 5.0
Mortbay Jetty 5.1.12
Mortbay Jetty 5.1.11
Mortbay Jetty 5.1.5
Mortbay Jetty 5.1.0
Mortbay Jetty 5.1
Mortbay Jetty 5.1.3
Mortbay Jetty 4.2.17
Mortbay Jetty 4.2.22
Mortbay Jetty 4.2.15
1 Article
505
VMScore
CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a re...
Vmware Vcenter Update Manager 4.1
Vmware Vcenter Update Manager 4.0
1 EDB exploit
505
VMScore
CVE-2010-1587
The Jetty ResourceHandler in Apache ActiveMQ 5.x prior to 5.3.2 and 5.4.x prior to 5.4.0 allows remote malicious users to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Apache Activemq 5.3.0
Apache Activemq 5.3.1
Apache Activemq 5.0.0
Apache Activemq 5.4-snapshot
Apache Activemq 5.1.0
Apache Activemq 5.2.0
1 EDB exploit