Search CVE reports
11 – 20 of 44 results
CVE-2021-34429
Medium priorityFor Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation...
1 affected packages
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty9 | Vulnerable | Vulnerable | Not affected | Not affected | Needs evaluation |
CVE-2021-34428
Low priorityFor Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-28169
Medium priorityFor Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27223
Medium priorityIn Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a...
1 affected packages
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty9 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27218
Medium priorityIn Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single...
2 affected packages
eclipse, jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| eclipse | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
CVE-2020-27216
Medium priorityIn Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty9 | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-17638
Medium priorityIn Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers...
1 affected packages
jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-17632
Low priorityIn Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty9 | Needs evaluation | Needs evaluation | Not affected | Needs evaluation | Needs evaluation |
CVE-2009-5046
Medium priorityJSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
1 affected packages
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | — | — | — | — | — |
CVE-2009-5045
Low priorityDump Servlet information leak in jetty before 6.1.22.
1 affected packages
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | — | — | — | — | — |