Search CVE reports
21 – 30 of 44 results
CVE-2009-5049
Medium priorityWebApp JSP Snoop page XSS in jetty though 6.1.21.
1 affected packages
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | — | — | — | — | — |
CVE-2009-5048
Medium priorityCookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.
1 affected packages
jetty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | — | — | — | — | — |
CVE-2019-10247
Medium priorityIn Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| jetty8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| jetty9 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-10246
Medium priorityIn Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | — | — | — | Not in release | Not affected |
| jetty8 | — | — | — | Not in release | Not affected |
| jetty9 | — | — | — | Not affected | Not affected |
CVE-2019-10241
Low priorityIn Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is...
3 affected packages
jetty, jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| jetty8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable | Not affected |
CVE-2018-12545
Medium priorityIn Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty8 | — | — | Not in release | Not in release | Not affected |
| jetty9 | — | — | Not affected | Not affected | Not affected |
CVE-2018-12536
Low priorityIn Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| jetty9 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-7658
Low priorityIn Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release | Ignored |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-7657
Low priorityIn Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release | Ignored |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-7656
Medium priorityIn Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space...
2 affected packages
jetty8, jetty9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jetty8 | Not in release | Not in release | Not in release | Not in release | Ignored |
| jetty9 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |