4
CVE-2022-2047
- EPSS 1.22%
- Published 07.07.2022 21:15:10
- Last modified 21.11.2024 07:00:13
- Source emo@eclipse.org
- Teams watchlist Login
- Open Login
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Netapp ≫ Element Plug-in For Vcenter Server Version-
Netapp ≫ Snapcenter Version-
Netapp ≫ Solidfire & Hci Storage Node Version-
Netapp ≫ Hci Compute Node Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.785 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
| emo@eclipse.org | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.