rpm package
suse/jetty-minimal&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5115 | — | < 9.4.58-150200.3.34.1 | 9.4.58-150200.3.34.1 | Aug 20, 2025 | In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing th | ||
| CVE-2024-13009 | — | < 9.4.57-150200.3.31.1 | 9.4.57-150200.3.31.1 | May 8, 2025 | In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests. | ||
| CVE-2024-6763 | — | < 9.4.57-150200.3.31.1 | 9.4.57-150200.3.31.1 | Oct 14, 2024 | Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro | ||
| CVE-2024-22201 | — | < 9.4.54-150200.3.25.1 | 9.4.54-150200.3.25.1 | Feb 26, 2024 | Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing |
- CVE-2025-5115Aug 20, 2025affected < 9.4.58-150200.3.34.1fixed 9.4.58-150200.3.34.1
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing th
- CVE-2024-13009May 8, 2025affected < 9.4.57-150200.3.31.1fixed 9.4.57-150200.3.31.1
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
- CVE-2024-6763Oct 14, 2024affected < 9.4.57-150200.3.31.1fixed 9.4.57-150200.3.31.1
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro
- CVE-2024-22201Feb 26, 2024affected < 9.4.54-150200.3.25.1fixed 9.4.54-150200.3.25.1
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing