CVE-2025-1948
- EPSS 0.05%
- Published 08.05.2025 17:48:40
- Last modified 31.07.2025 16:28:26
In Eclipse Jetty versions 12.0.0 through 12.0.16 inclusive, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to a...
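As an added illustration of the validation the description says is missing (this is example code written for this page, not Jetty's implementation and not taken from the advisory), the following Python parses a raw HTTP/2 SETTINGS frame, applies the range checks RFC 9113 defines, and clamps the peer's advertised SETTINGS_MAX_HEADER_LIST_SIZE to a local ceiling rather than trusting it. The constant LOCAL_MAX_HEADER_LIST_SIZE, the helper names and the two sample frames are assumptions constructed for the example.

```python
import struct

FRAME_TYPE_SETTINGS = 0x4
FLAG_ACK = 0x1

# Setting identifiers from RFC 9113 section 6.5.2
SETTINGS_HEADER_TABLE_SIZE = 0x1
SETTINGS_ENABLE_PUSH = 0x2
SETTINGS_MAX_CONCURRENT_STREAMS = 0x3
SETTINGS_INITIAL_WINDOW_SIZE = 0x4
SETTINGS_MAX_FRAME_SIZE = 0x5
SETTINGS_MAX_HEADER_LIST_SIZE = 0x6

# Ceiling this server is willing to honour for the peer's advertised
# header-list size. Assumed value for the example, not a Jetty setting.
LOCAL_MAX_HEADER_LIST_SIZE = 64 * 1024


class ProtocolError(ValueError):
    """Raised where RFC 9113 requires a connection error."""


def parse_settings_frame(frame: bytes) -> dict:
    """Parse one raw HTTP/2 SETTINGS frame (9-byte header + 6-byte pairs) into {id: value}."""
    if len(frame) < 9:
        raise ProtocolError("short frame header")
    length = int.from_bytes(frame[0:3], "big")
    ftype, flags = frame[3], frame[4]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    if ftype != FRAME_TYPE_SETTINGS:
        raise ProtocolError(f"not a SETTINGS frame: type {ftype:#x}")
    if stream_id != 0:
        raise ProtocolError("SETTINGS must be sent on stream 0")        # PROTOCOL_ERROR
    if flags & FLAG_ACK and length != 0:
        raise ProtocolError("SETTINGS ACK must carry no payload")       # FRAME_SIZE_ERROR
    payload = frame[9:9 + length]
    if len(payload) != length or length % 6 != 0:
        raise ProtocolError("SETTINGS payload must be a multiple of 6 bytes")  # FRAME_SIZE_ERROR
    settings = {}
    for off in range(0, length, 6):
        ident, value = struct.unpack("!HI", payload[off:off + 6])
        settings[ident] = value  # a later occurrence of an id overrides an earlier one
    return settings


def validate_settings(settings: dict, local_cap: int = LOCAL_MAX_HEADER_LIST_SIZE) -> dict:
    """Apply the RFC 9113 range checks and clamp SETTINGS_MAX_HEADER_LIST_SIZE to a local ceiling.

    The peer's SETTINGS_MAX_HEADER_LIST_SIZE only states how large a header list
    the peer will accept; it is advisory and has no protocol-defined upper bound,
    so a server must never size its own buffers or limits from it unclamped.
    """
    effective = {}
    for ident, value in settings.items():
        if ident == SETTINGS_ENABLE_PUSH and value not in (0, 1):
            raise ProtocolError("ENABLE_PUSH must be 0 or 1")
        if ident == SETTINGS_INITIAL_WINDOW_SIZE and value > 0x7FFFFFFF:
            raise ProtocolError("INITIAL_WINDOW_SIZE above 2^31-1")     # FLOW_CONTROL_ERROR
        if ident == SETTINGS_MAX_FRAME_SIZE and not (1 << 14) <= value <= (1 << 24) - 1:
            raise ProtocolError("MAX_FRAME_SIZE outside [2^14, 2^24-1]")
        if ident == SETTINGS_MAX_HEADER_LIST_SIZE:
            value = min(value, local_cap)
        effective[ident] = value
    return effective


def build_settings_frame(pairs) -> bytes:
    """Encode (id, value) pairs as a SETTINGS frame on stream 0 (used to construct the samples)."""
    payload = b"".join(struct.pack("!HI", i, v) for i, v in pairs)
    header = len(payload).to_bytes(3, "big") + bytes([FRAME_TYPE_SETTINGS, 0]) + (0).to_bytes(4, "big")
    return header + payload


# Constructed samples: a client advertising a 4 GiB header list, and a normal client.
HOSTILE_FRAME = build_settings_frame([(SETTINGS_MAX_HEADER_LIST_SIZE, 0xFFFFFFFF)])
BENIGN_FRAME = build_settings_frame([(SETTINGS_MAX_HEADER_LIST_SIZE, 8192), (SETTINGS_ENABLE_PUSH, 0)])

if __name__ == "__main__":
    for name, frame in (("hostile", HOSTILE_FRAME), ("benign", BENIGN_FRAME)):
        raw = parse_settings_frame(frame)
        print(name, "advertised:", raw, "effective:", validate_settings(raw))
```

The point of the clamp is that the peer-supplied value is a hint about what the peer will accept, so the only safe use of it on the server side is as an upper bound on what the server sends, never as an allocation size; anything the server allocates for its own header processing should come from a configured local limit.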
CVE-2024-13009
- EPSS 0.05%
- Published 08.05.2025 17:29:31
- Last modified 31.07.2025 16:31:12
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
CVE-2024-8184
- EPSS 0.39%
- Published 14.10.2024 16:15:04
- Last modified 08.11.2024 21:00:09
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory er...
CVE-2024-6763
- EPSS 0.19%
- Published 14.10.2024 16:15:04
- Last modified 10.07.2025 15:04:04
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the beh...
CVE-2024-6762
- EPSS 2.21%
- Published 14.10.2024 16:15:03
- Last modified 08.11.2024 21:29:51
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
CVE-2024-9823
- EPSS 1.16%
- Published 14.10.2024 15:15:14
- Last modified 30.07.2025 19:51:05
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on a server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfM...
CVE-2024-22201
- EPSS 0.45%
- Published 26.02.2024 16:27:56
- Last modified 13.02.2025 18:16:46
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file d...
CVE-2023-36478
- EPSS 1.03%
- Published 10.10.2023 17:15:11
- Last modified 21.11.2024 08:09:47
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their ...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
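The pattern this entry describes is a client opening streams and immediately cancelling them with RST_STREAM, which costs the server the work of starting each request while the client pays almost nothing. As an added example (written for this page; not Jetty's mitigation and not from the advisory), the following Python keeps a per-connection sliding-window count of client-initiated cancellations and condemns the connection once it exceeds a threshold. The window and threshold values, the class and function names, and the two traces are assumptions constructed for the example.

```python
from collections import deque

# HTTP/2 frame types (RFC 9113 section 6)
FRAME_HEADERS = 0x1
FRAME_RST_STREAM = 0x3


class RapidResetGuard:
    """Per-connection tracker for the HTTP/2 Rapid Reset pattern.

    Streams opened by the client (odd ids) are recorded on HEADERS; each client
    RST_STREAM on an open stream is counted in a sliding window. More than
    `max_resets` cancellations within `window_ms` is the signal to send GOAWAY
    and drop the connection. The thresholds are assumptions for the example,
    not Jetty's or any vendor's defaults.
    """

    def __init__(self, window_ms: int = 1000, max_resets: int = 100):
        self.window_ms = window_ms
        self.max_resets = max_resets
        self.open_streams = {}   # stream_id -> timestamp the client opened it
        self.resets = deque()    # timestamps of client-initiated cancellations
        self.tripped = False

    def on_frame(self, ts_ms: int, frame_type: int, stream_id: int):
        """Feed one client frame; returns "GOAWAY" the moment the limit is exceeded, else None."""
        if self.tripped:
            return "DROP"  # connection already condemned; ignore further frames
        if frame_type == FRAME_HEADERS and stream_id % 2 == 1:
            self.open_streams.setdefault(stream_id, ts_ms)  # trailers on a known stream do not reopen it
        elif frame_type == FRAME_RST_STREAM and stream_id in self.open_streams:
            del self.open_streams[stream_id]
            self.resets.append(ts_ms)
            while self.resets and ts_ms - self.resets[0] > self.window_ms:
                self.resets.popleft()
            if len(self.resets) > self.max_resets:
                self.tripped = True
                return "GOAWAY"  # ENHANCE_YOUR_CALM (0xb) is the matching error code
        return None


def simulate(events, **guard_kwargs):
    """Run a (ts_ms, frame_type, stream_id) trace through the guard; returns (verdict, ts, resets_in_window)."""
    guard = RapidResetGuard(**guard_kwargs)
    for ts, ftype, sid in events:
        if guard.on_frame(ts, ftype, sid) == "GOAWAY":
            return ("GOAWAY", ts, len(guard.resets))
    return ("OK", events[-1][0] if events else 0, len(guard.resets))


def rapid_reset_burst(n: int, spacing_ms: int = 1):
    """Constructed attack trace: n streams opened and cancelled immediately, one per spacing_ms."""
    events = []
    for i in range(n):
        sid = 2 * i + 1
        events.append((i * spacing_ms, FRAME_HEADERS, sid))
        events.append((i * spacing_ms, FRAME_RST_STREAM, sid))
    return events


def benign_trace(n: int, spacing_ms: int = 200):
    """Constructed normal traffic: a request every 200 ms, one in ten cancelled by the client."""
    events = []
    for i in range(n):
        sid = 2 * i + 1
        events.append((i * spacing_ms, FRAME_HEADERS, sid))
        if i % 10 == 0:
            events.append((i * spacing_ms + 50, FRAME_RST_STREAM, sid))
    return events


if __name__ == "__main__":
    print("attack:", simulate(rapid_reset_burst(500)))
    print("benign:", simulate(benign_trace(200)))
```

Counting cancellations rather than open streams is the design choice that matters here: SETTINGS_MAX_CONCURRENT_STREAMS does not help against this pattern, because each reset stream stops counting as concurrent the moment the client resets it, which is exactly what the attacker exploits.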
CVE-2023-41900
- EPSS 0.13%
- Published 15.09.2023 21:15:11
- Last modified 21.11.2024 08:21:53
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides...