Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetty vulnerabilities and exploits
(subscribe to this query)
9.4
CVSSv3
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Bec...
Eclipse Jetty 9.4.29
Eclipse Jetty 9.4.28
Eclipse Jetty 9.4.27
NA
CVE-2006-2759
jetty 6.0.x (jetty6) beta16 allows remote malicious users to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.
Jetty Jetty 6.0 Beta 16
NA
CVE-2002-1533
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote malicious users to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
Jetty Jetty 4.1.0 Rc4
1 EDB exploit
NA
CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty prior to 6.1.6rc0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Mortbay Jetty Jetty
NA
CVE-2006-2758
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote malicious users to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
Jetty Jetty 6.0
1 EDB exploit
NA
CVE-2002-1178
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server prior to 4.1.0 allows remote malicious users to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
Jetty Jetty Http Server
1 EDB exploit
NA
CVE-2009-3579
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote malicious users to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
Mortbay Jetty 6.1.19
Mortbay Jetty 6.1.20
6.1
CVSSv3
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.
Mortbay Jetty
7.5
CVSSv3
CVE-2022-2191
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Eclipse Jetty
5.3
CVSSv3
CVE-2023-26048
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a...
Eclipse Jetty
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »