Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetty vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-22553
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to ...
Google Gerrit
NA
CVE-2024-31849
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain complete administrative access to the application.
NA
CVE-2024-31848
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain complete administrative access to the application.
NA
CVE-2024-31850
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain access to sensitive information and perform limited actions.
NA
CVE-2024-31851
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain access to sensitive information and perform limited actions.
5
CVSSv2
CVE-2010-1587
The Jetty ResourceHandler in Apache ActiveMQ 5.x prior to 5.3.2 and 5.4.x prior to 5.4.0 allows remote malicious users to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Apache Activemq 5.3.0
Apache Activemq 5.3.1
Apache Activemq 5.0.0
Apache Activemq 5.4-snapshot
Apache Activemq 5.1.0
Apache Activemq 5.2.0
1 EDB exploit
NA
CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing...
5
CVSSv2
CVE-2018-17605
An issue exists in the Asset Pipeline plugin prior to 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal ro...
Asset Pipeline Project Asset-pipeline
7.5
CVSSv2
CVE-2019-10104
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote malicious user to execute code when the configuration is running, because a JMX server listened on all ...
Jetbrains Intellij Idea
5
CVSSv2
CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a re...
Vmware Vcenter Update Manager 4.1
Vmware Vcenter Update Manager 4.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »