CVE-2017-7656 -- jetty8, jetty9ID: oval:org.secpod.oval:def:1900780 | Date: (C)2019-03-12 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , HTTP/0.9 is handled poorly. An HTTP/1 style request line that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version , then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |
Ubuntu 18.04 |