Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetty vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2022-22333
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local att...
Ibm Sterling External Authentication Server 3.4.3.2
Ibm Sterling External Authentication Server 6.0.2.0
Ibm Sterling External Authentication Server 6.0.3.0
Ibm Sterling Secure Proxy 3.4.3.2
Ibm Sterling Secure Proxy 6.0.2
Ibm Sterling Secure Proxy 6.0.3.0
NA
CVE-2023-0815
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Me...
Opennms Horizon
Opennms Meridian
5
CVSSv2
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version before 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable v...
Asset Pipeline Project Asset-pipeline
7.5
CVSSv2
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.
Easycorp Zentao
6.9
CVSSv2
CVE-2020-28169
The td-agent-builder plugin prior to 2020-12-18 for Fluentd allows malicious users to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
Td-agent-builder Project Td-agent-builder
Debian Debian Linux 10.0
1 Github repository
NA
CVE-2022-41678
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to cr...
Apache Activemq
NA
CVE-2022-41352
An issue exists in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
4 Github repositories
1 Article
5
CVSSv2
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the norm...
Grails Resources
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
6.8
CVSSv2
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin prior to 1.12.24 for WordPress allows CSV injection.
Web-dorado Form Maker
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »