Maven package
org.eclipse.jetty/jetty-servlets
pkg:maven/org.eclipse.jetty/jetty-servlets
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-6762 | — | | | >= 10.0.0, < 10.0.18 | 10.0.18 | Oct 14, 2024 | Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. |
| CVE-2024-9823 | — | | | >= 9.0.0, < 9.4.54 | 9.4.54 | Oct 14, 2024 | There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the s |
| CVE-2023-36479 | — | | | >= 9.0.0, < 9.4.52 | 9.4.52 | Sep 15, 2023 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac |
| CVE-2021-28169 | — | | | < 9.4.41 | 9.4.41 | Jun 9, 2021 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml fil |