MadeYouReset HTTP/2 vulnerability
Description
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.
For example, a client can open a stream and then send WINDOW_UPDATE frames with a window size increment of 0, which is illegal. Per the specification (https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update), the server should send a RST_STREAM frame. The client can then open another stream and send another bad WINDOW_UPDATE, causing the server to consume more resources than necessary: this pattern never exceeds the maximum number of concurrent streams, yet the client is able to create an enormous number of streams in a short period of time.
The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.
Links:
- https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
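A defender-side sketch of the accounting gap described above, added here as an illustration; it is not code from Jetty, its patch, or the advisory. It replays a constructed server-side event log and shows that peak stream concurrency stays at 1 while server-sent resets pile up, which only a separate per-connection reset budget notices. The event names, `RESET_BUDGET` and `WINDOW_MS` are assumptions.

```python
from collections import deque

# Assumed policy values for this sketch (hypothetical, tune per deployment).
RESET_BUDGET = 20   # server-sent RST_STREAM frames tolerated ...
WINDOW_MS = 1000    # ... within one sliding window of this length


class ConnectionMonitor:
    """Tracks one HTTP/2 connection from the server's point of view."""

    def __init__(self):
        self.open_streams = set()
        self.peak_concurrency = 0
        self.total_resets = 0
        self.recent_resets = deque()   # timestamps of resets inside the window
        self.flagged_at = None         # time the reset budget was first exceeded

    def observe(self, t_ms, event, stream_id):
        if event == "HEADERS_RECV":          # client opened a stream
            self.open_streams.add(stream_id)
            self.peak_concurrency = max(self.peak_concurrency, len(self.open_streams))
        elif event == "END_STREAM":          # stream finished normally
            self.open_streams.discard(stream_id)
        elif event == "RST_SENT":            # server reset the stream after a client error
            # The stream closes at once, so its concurrency slot is free again;
            # only a separate reset counter notices the churn.
            self.open_streams.discard(stream_id)
            self.total_resets += 1
            self.recent_resets.append(t_ms)
            while t_ms - self.recent_resets[0] >= WINDOW_MS:
                self.recent_resets.popleft()
            if self.flagged_at is None and len(self.recent_resets) > RESET_BUDGET:
                self.flagged_at = t_ms


def analyze(log):
    """Replay (t_ms, event, stream_id) tuples in time order and return the monitor."""
    mon = ConnectionMonitor()
    for t_ms, event, stream_id in sorted(log):
        mon.observe(t_ms, event, stream_id)
    return mon


def constructed_reset_churn_log(n=200):
    """Constructed sample: each stream is opened, then reset by the server 1 ms later."""
    log = []
    for i in range(n):
        sid = 2 * i + 1  # client-initiated stream ids are odd
        log += [(2 * i, "HEADERS_RECV", sid), (2 * i + 1, "RST_SENT", sid)]
    return log


def constructed_normal_log(n=50):
    """Constructed sample: overlapping requests, two of which the server resets."""
    log = []
    for i in range(n):
        sid = 2 * i + 1
        closing = "RST_SENT" if i in (10, 30) else "END_STREAM"
        log += [(10 * i, "HEADERS_RECV", sid), (10 * i + 35, closing, sid)]
    return log
```

On the churn log the monitor flags the connection at the 21st reset even though concurrency never rises above one stream; the normal log, with higher concurrency and two resets, is not flagged.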
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package (ecosystem) | Affected versions | Patched versions |
|---|---|---|
| org.eclipse.jetty.http2:http2-common (Maven) | >= 9.3.0, < 9.4.58 | 9.4.58 |
| org.eclipse.jetty.http2:http2-common (Maven) | >= 10.0.0, < 10.0.26 | 10.0.26 |
| org.eclipse.jetty.http2:http2-common (Maven) | >= 11.0.0, < 11.0.26 | 11.0.26 |
| org.eclipse.jetty.http2:jetty-http2-common (Maven) | >= 12.0.0, < 12.0.25 | 12.0.25 |
| org.eclipse.jetty.http2:jetty-http2-common (Maven) | >= 12.1.0.alpha0, < 12.1.0.beta3 | 12.1.0.beta3 |
Affected products
- Eclipse Jetty/Eclipse Jetty (v5) Range: >=9.3.0
References
- github.com/jetty/jetty.project/pull/13449 (patch)
- github.com/advisories/GHSA-mmxm-8w33-wc4h (advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-5115 (advisory)
- www.openwall.com/lists/oss-security/2025/08/20/4
- www.openwall.com/lists/oss-security/2025/09/17/1
- github.com/jetty/jetty.project/commit/f9ee3904788b08203ed62c95a560d951da37bdb1
- github.com/jetty/jetty.project/releases/tag/jetty-10.0.26 (release notes)
- github.com/jetty/jetty.project/releases/tag/jetty-11.0.26 (release notes)
- github.com/jetty/jetty.project/releases/tag/jetty-12.0.25 (release notes)
- github.com/jetty/jetty.project/releases/tag/jetty-12.1.0 (release notes)
- github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814 (release notes)
- github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h (issue tracking)
- lists.debian.org/debian-lts-announce/2025/09/msg00014.html
- www.kb.cert.org/vuls/id/767506
News mentions
- Jenkins Security Advisory 2025-09-17 (Jenkins Security Advisories, Sep 17, 2025)