VYPR

Maven package

org.eclipse.jetty/jetty-servlets

pkg:maven/org.eclipse.jetty/jetty-servlets

Vulnerabilities (4)

  • CVE-2024-6762 (Oct 14, 2024)
    affected >= 10.0.0, < 10.0.18; fixed 10.0.18

    Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

  • CVE-2024-9823 (Oct 14, 2024)
    affected >= 9.0.0, < 9.4.54; fixed 9.4.54

    There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the s

  • CVE-2023-36479 (Sep 15, 2023)
    affected >= 9.0.0, < 9.4.52; fixed 9.4.52

    Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac

  • CVE-2021-28169 (Jun 9, 2021)
    affected < 9.4.41; fixed 9.4.41

    For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml fil