Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eclipse jetty vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-12545
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory al...
Eclipse Jetty 9.3.0
Eclipse Jetty 9.3.1
Eclipse Jetty 9.3.2
Eclipse Jetty 9.3.3
Eclipse Jetty 9.3.4
Eclipse Jetty 9.3.5
Eclipse Jetty 9.3.6
Eclipse Jetty 9.3.7
Eclipse Jetty 9.3.8
Eclipse Jetty 9.3.9
Eclipse Jetty 9.3.10
Eclipse Jetty 9.3.11
6.1
CVSSv3
CVE-2019-10241
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory cont...
Eclipse Jetty 9.2.0
Eclipse Jetty 9.2.1
Eclipse Jetty 9.2.2
Eclipse Jetty 9.2.3
Eclipse Jetty 9.2.4
Eclipse Jetty 9.2.5
Eclipse Jetty 9.2.6
Eclipse Jetty 9.2.7
Eclipse Jetty 9.2.8
Eclipse Jetty 9.2.9
Eclipse Jetty 9.2.10
Eclipse Jetty 9.2.11
9.8
CVSSv3
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x prior to 9.3.9 on Windows allows remote malicious users to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Eclipse Jetty 9.3.0
Eclipse Jetty 9.3.1
Eclipse Jetty 9.3.2
Eclipse Jetty 9.3.3
Eclipse Jetty 9.3.4
Eclipse Jetty 9.3.5
Eclipse Jetty 9.3.6
Eclipse Jetty 9.3.7
Eclipse Jetty 9.3.8
1 Github repository
5.3
CVSSv3
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Con...
Eclipse Jetty 7.0.0
Eclipse Jetty 7.0.1
Eclipse Jetty 7.0.2
Eclipse Jetty 7.1.0
Eclipse Jetty 7.1.1
Eclipse Jetty 7.1.2
Eclipse Jetty 7.1.3
Eclipse Jetty 7.1.4
Eclipse Jetty 7.1.5
Eclipse Jetty 7.1.6
Eclipse Jetty 7.2.0
Eclipse Jetty 7.2.1
7.5
CVSSv3
CVE-2015-2080
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote malicious users to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Fedoraproject Fedora 22
Eclipse Jetty 9.2.3
Eclipse Jetty 9.2.4
Eclipse Jetty 9.2.5
Eclipse Jetty 9.2.6
Eclipse Jetty 9.2.7
Eclipse Jetty 9.2.8
Eclipse Jetty 9.3.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-17632
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
Eclipse Jetty 9.4.21
Eclipse Jetty 9.4.22
Eclipse Jetty 9.4.23
9.4
CVSSv3
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Bec...
Eclipse Jetty 9.4.27
Eclipse Jetty 9.4.28
Eclipse Jetty 9.4.29
7.5
CVSSv3
CVE-2022-2191
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Eclipse Jetty
5.3
CVSSv3
CVE-2023-26048
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a...
Eclipse Jetty
1 Github repository
6.5
CVSSv3
CVE-2024-8184
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the serve...
Eclipse Jetty
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-23629
CVE-2024-52331
CVE-2025-0693
precious metals charts and widgets for wordpress
neofix
simple downloads list
CVE-2025-23544
CVE-2025-21298
client side
memory leak
CVE-2019-5418
XSS
deebot x5 pro plus
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »