Low severity · NVD Advisory · Published Mar 5, 2026 · Updated Mar 5, 2026
CVE-2025-11143
Description
The Jetty URI parser has some key differences from other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security bypass. For example, a component that enforces a blacklist may interpret a URI differently from the one that generates a response. At the very least, differential parsing may divulge implementation details.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.eclipse.jetty:jetty-http (Maven) | >= 9.4.0, <= 9.4.58 | — |
| org.eclipse.jetty:jetty-http (Maven) | >= 10.0.0, <= 10.0.26 | — |
| org.eclipse.jetty:jetty-http (Maven) | >= 11.0.0, <= 11.0.26 | — |
| org.eclipse.jetty:jetty-http (Maven) | >= 12.0.0, < 12.0.31 | 12.0.31 |
| org.eclipse.jetty:jetty-http (Maven) | >= 12.1.0, < 12.1.5 | 12.1.5 |
Affected products
- Eclipse Foundation/Eclipse Jetty v5 Range: 9.4.0