VYPR

rpm package

suse/jetty-minimal&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Vulnerabilities (9)

  • CVE-2025-5115 | Aug 20, 2025
    affected < 9.4.58-150200.3.34.1 | fixed 9.4.58-150200.3.34.1

    In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing th

  • CVE-2024-13009 | May 8, 2025
    affected < 9.4.57-150200.3.31.1 | fixed 9.4.57-150200.3.31.1

    In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

  • CVE-2024-6763 | Oct 14, 2024
    affected < 9.4.57-150200.3.31.1 | fixed 9.4.57-150200.3.31.1

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro

  • CVE-2024-22201 | Feb 26, 2024
    affected < 9.4.54-150200.3.25.1 | fixed 9.4.54-150200.3.25.1

    Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing

  • CVE-2023-36478 | Oct 10, 2023
    affected < 9.4.53-150200.3.22.1 | fixed 9.4.53-150200.3.22.1

    Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.j

  • CVE-2023-44487 | Hig | KEV | Oct 10, 2023
    affected < 9.4.53-150200.3.22.1 | fixed 9.4.53-150200.3.22.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-41900 | Sep 15, 2023
    affected < 9.4.53-150200.3.22.1 | fixed 9.4.53-150200.3.22.1

    Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti

  • CVE-2023-40167 | Sep 15, 2023
    affected < 9.4.53-150200.3.22.1 | fixed 9.4.53-150200.3.22.1

    Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely

  • CVE-2023-36479 | Sep 15, 2023
    affected < 9.4.53-150200.3.22.1 | fixed 9.4.53-150200.3.22.1

    Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac
