VYPR

rpm package

suse/jetty-minimal&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Vulnerabilities (5)

  • CVE-2023-36478Oct 10, 2023
    affected < 9.4.53-150200.3.22.1fixed 9.4.53-150200.3.22.1

    Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.j

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 9.4.53-150200.3.22.1fixed 9.4.53-150200.3.22.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-41900Sep 15, 2023
    affected < 9.4.53-150200.3.22.1fixed 9.4.53-150200.3.22.1

    Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti

  • CVE-2023-40167Sep 15, 2023
    affected < 9.4.53-150200.3.22.1fixed 9.4.53-150200.3.22.1

    Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely

  • CVE-2023-36479Sep 15, 2023
    affected < 9.4.53-150200.3.22.1fixed 9.4.53-150200.3.22.1

    Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac