Eclipse

Jetty

42 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-1948

  • EPSS 0.05%
  • Published 08.05.2025 17:48:40
  • Last modified 31.07.2025 16:28:26

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to a...

7.2

CVE-2024-13009

  • EPSS 0.05%
  • Published 08.05.2025 17:29:31
  • Last modified 31.07.2025 16:31:12

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

6.5

CVE-2024-8184

  • EPSS 0.39%
  • Published 14.10.2024 16:15:04
  • Last modified 08.11.2024 21:00:09

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory er...

5.3

CVE-2024-6763

Exploit
  • EPSS 0.19%
  • Published 14.10.2024 16:15:04
  • Last modified 10.07.2025 15:04:04

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the beh...

6.5

CVE-2024-6762

  • EPSS 2.21%
  • Published 14.10.2024 16:15:03
  • Last modified 08.11.2024 21:29:51

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

7.5

CVE-2024-9823

  • EPSS 1.16%
  • Published 14.10.2024 15:15:14
  • Last modified 30.07.2025 19:51:05

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofM...

7.5

CVE-2024-22201

  • EPSS 0.45%
  • Published 26.02.2024 16:27:56
  • Last modified 13.02.2025 18:16:46

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file d...

7.5

CVE-2023-36478

Exploit
  • EPSS 1.03%
  • Published 10.10.2023 17:15:11
  • Last modified 21.11.2024 08:09:47

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their ...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

4.3

CVE-2023-41900

Exploit
  • EPSS 0.13%
  • Published 15.09.2023 21:15:11
  • Last modified 21.11.2024 08:21:53

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides...