rpm package: suse/jetty-minimal (distro: SUSE Linux Enterprise Module for Development Tools 15 SP5)
pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8184 | — | — | — | < 9.4.56-150200.3.28.1 | 9.4.56-150200.3.28.1 | Oct 14, 2024 | There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's |
| CVE-2024-22201 | — | — | — | < 9.4.54-150200.3.25.1 | 9.4.54-150200.3.25.1 | Feb 26, 2024 | Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing |
| CVE-2023-36478 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Oct 10, 2023 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.j |
| CVE-2023-44487 | High | 7.5 | KEV | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-41900 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Sep 15, 2023 | Jetty is a Java-based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti |
| CVE-2023-40167 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Sep 15, 2023 | Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely |
| CVE-2023-36479 | — | — | — | < 9.4.53-150200.3.22.1 | 9.4.53-150200.3.22.1 | Sep 15, 2023 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac |
| CVE-2023-26049 | — | — | — | < 9.4.51-150200.3.19.2 | 9.4.51-150200.3.19.2 | Apr 18, 2023 | Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that start |
| CVE-2023-26048 | — | — | — | < 9.4.51-150200.3.19.2 | 9.4.51-150200.3.19.2 | Apr 18, 2023 | Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a |