rpm package: suse/jetty-minimal (distro: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS)
pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-36478 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Oct 10, 2023 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.j |
| CVE-2023-44487 | High | 7.5 | KEV | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-41900 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Sep 15, 2023 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti |
| CVE-2023-40167 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Sep 15, 2023 | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely |
| CVE-2023-36479 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Sep 15, 2023 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac |