Download
| Alert*
oval:org.secpod.oval:def:603496
jetty9 is installed oval:org.secpod.oval:def:1900780 In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , HTTP/0.9 is handled poorly. An HTTP/1 style request line that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version , then the ... oval:org.secpod.oval:def:1901427 In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x , and 9.4.x , when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored . If an intermediary decided on the shorter length, but ... oval:org.secpod.oval:def:1901564 In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a p ... oval:org.secpod.oval:def:53401 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling. oval:org.secpod.oval:def:603494 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling. oval:org.secpod.oval:def:612683 Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially unsafe to use it. The upstream developers of Jetty recommend to use Fast CGI instead. See also CVE-2023-36479. CVE-2023-2 ... oval:org.secpod.oval:def:95215 Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially unsafe to use it. The upstream developers of Jetty recommend to use Fast CGI instead. See also CVE-2023-36479. CVE-2023-2 ... oval:org.secpod.oval:def:613060 Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state , TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. oval:org.secpod.oval:def:605591 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. oval:org.secpod.oval:def:74572 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. oval:org.secpod.oval:def:88386 Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver. CVE-2022-2047 In Eclipse Jetty the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scena ... oval:org.secpod.oval:def:95248 Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service becaus ... oval:org.secpod.oval:def:99998 Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state , TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. |