rpm package
opensuse/jetty-websocket&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/jetty-websocket&distro=openSUSE%20Leap%2015.6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11143 | — | < 9.4.58-150200.3.37.1 | 9.4.58-150200.3.37.1 | Mar 5, 2026 | The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the UR | ||
| CVE-2025-5115 | — | < 9.4.58-150200.3.34.1 | 9.4.58-150200.3.34.1 | Aug 20, 2025 | In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing th |
- CVE-2025-11143Mar 5, 2026affected < 9.4.58-150200.3.37.1fixed 9.4.58-150200.3.37.1
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the UR
- CVE-2025-5115Aug 20, 2025affected < 9.4.58-150200.3.34.1fixed 9.4.58-150200.3.34.1
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing th