eclipse jetty vulnerabilities and exploits
5
CVSSv2
CVE-2018-12545
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory al...
Eclipse Jetty 9.3.0
Eclipse Jetty 9.3.1
Eclipse Jetty 9.3.2
Eclipse Jetty 9.3.3
Eclipse Jetty 9.3.4
Eclipse Jetty 9.3.5
Eclipse Jetty 9.3.6
Eclipse Jetty 9.3.7
Eclipse Jetty 9.3.8
Eclipse Jetty 9.3.9
Eclipse Jetty 9.3.10
Eclipse Jetty 9.3.11
4.3
CVSSv2
CVE-2019-10241
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory cont...
Eclipse Jetty 9.2.0
Eclipse Jetty 9.2.1
Eclipse Jetty 9.2.2
Eclipse Jetty 9.2.3
Eclipse Jetty 9.2.4
Eclipse Jetty 9.2.5
Eclipse Jetty 9.2.6
Eclipse Jetty 9.2.7
Eclipse Jetty 9.2.8
Eclipse Jetty 9.2.9
Eclipse Jetty 9.2.10
Eclipse Jetty 9.2.11
7.5
CVSSv2
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x prior to 9.3.9 on Windows allows remote malicious users to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Eclipse Jetty 9.3.0
Eclipse Jetty 9.3.1
Eclipse Jetty 9.3.2
Eclipse Jetty 9.3.3
Eclipse Jetty 9.3.4
Eclipse Jetty 9.3.5
Eclipse Jetty 9.3.6
Eclipse Jetty 9.3.7
Eclipse Jetty 9.3.8
1 Github repository
5
CVSSv2
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Con...
Eclipse Jetty 7.0.0
Eclipse Jetty 7.0.1
Eclipse Jetty 7.0.2
Eclipse Jetty 7.1.0
Eclipse Jetty 7.1.1
Eclipse Jetty 7.1.2
Eclipse Jetty 7.1.3
Eclipse Jetty 7.1.4
Eclipse Jetty 7.1.5
Eclipse Jetty 7.1.6
Eclipse Jetty 7.2.0
Eclipse Jetty 7.2.1
5
CVSSv2
CVE-2015-2080
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote malicious users to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Fedoraproject Fedora 22
Eclipse Jetty 9.2.3
Eclipse Jetty 9.2.4
Eclipse Jetty 9.2.5
Eclipse Jetty 9.2.6
Eclipse Jetty 9.2.7
Eclipse Jetty 9.2.8
Eclipse Jetty 9.3.0
1 EDB exploit
4.3
CVSSv2
CVE-2019-17632
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
Eclipse Jetty 9.4.21
Eclipse Jetty 9.4.22
Eclipse Jetty 9.4.23
7.5
CVSSv2
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Bec...
Eclipse Jetty 9.4.27
Eclipse Jetty 9.4.28
Eclipse Jetty 9.4.29
5
CVSSv2
CVE-2022-2191
In Eclipse Jetty versions 10.0.0 through 10.0.9 and 11.0.0 through 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in error code paths.
Eclipse Jetty
6.5
CVSSv3
CVE-2024-6762
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
Eclipse Jetty
5.3
CVSSv3
CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from t...
Eclipse Jetty