Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetty vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely r...
Eclipse Jetty 12.0.0
Eclipse Jetty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac...
Eclipse Jetty 12.0.0
Eclipse Jetty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
5
CVSSv2
CVE-2017-7656
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was ac...
Eclipse Jetty
Debian Debian Linux 9.0
5
CVSSv2
CVE-2009-5045
Dump Servlet information leak in jetty prior to 6.1.22.
Eclipse Jetty
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2009-5046
JSP Dump and Session Dump Servlet XSS in jetty prior to 6.1.22.
Eclipse Jetty
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2009-5049
WebApp JSP Snoop page XSS in jetty though 6.1.21.
Mortbay Jetty
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high ...
Eclipse Jetty 9.4.6
Eclipse Jetty 9.4.36
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Apache Spark 3.1.1
Apache Nifi 1.13.0
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp Hci -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Netapp Management Services For Element Software -
Debian Debian Linux 10.0
Apache Solr 8.8.1
Oracle Rest Data Services
2 Github repositories
NA
CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 up to and including 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an alre...
Eclipse Jetty
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an malicious user to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that...
Eclipse Jetty
Eclipse Jetty 12.0.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Unified Manager -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
NA
CVE-2023-36478
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 up to and including 11.0.15, 10.0.0 up to and including 10.0.15, and 9.0.0 up to and including 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed ...
Eclipse Jetty
Jenkins Jenkins
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »