Published: 18/04/2023 Updated: 30/09/2023

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

Vulnerable Product	Search on Vulmon	Subscribe to Product
eclipse jetty

Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine The orgeclipsejettyservletsCGI class has been deprecated It is potentially unsafe to use it The upstream developers of Jetty recommend to use Fast CGI instead See also CVE-2023-36479 CVE-2023-26048 In affected versions servlets with multi ...

Synopsis Moderate: Red Hat Integration Camel for Spring Boot 400 release and security update Type/Severity Security Advisory: Moderate Topic Red Hat Integration Camel for Spring Boot 400 release and security update is now available Red Hat Product Security has rated this update as having an impact of Moderate A Common Vulnerability Scor ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7414 on RHEL 9 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Enterprise Application Platfo ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7414 on RHEL 8 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Enterprise Application Platfo ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7414 on RHEL 7 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Enterprise Application Platfo ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 7414 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...

Synopsis Important: Jenkins and Jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

Hitachi Infrastructure Analytics Advisor contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533, CVE-2022-1471, CVE-2023-1370, CVE-2023-26048, CVE-2023-26049 Hitachi Ops Center Analyzer viewpoi ...

[gradle-plugin] Common tasks for Dependency Track interaction, like SBOM upload or VEX Generation

Gradle Dependency Track Companion w Plugin This Gradle plugin is designed to ease the process of working with Dependency Track, a Continuous SBOM Analysis Platform With this plugin, you can automate the upload process of SBOM files, generate Vex files for component or vulnerability suppression, and more This plugin internally applies the CycloneDX Gradle plugin, so you don�

CWE-400 https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload https://github.com/eclipse/jetty.project/pull/9345 https://github.com/eclipse/jetty.project/pull/9344 https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 https://github.com/eclipse/jetty.project/issues/9076 https://security.netapp.com/advisory/ntap-20230526-0001/https://www.debian.org/security/2023/dsa-5507 https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5507 https://github.com/Liftric/dependency-track-companion-plugin

CVE-2023-26048

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect