Eclipse

Jetty

42 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-28165

Exploit
  • EPSS 13.15%
  • Published 01.04.2021 15:15:14
  • Last modified 27.08.2025 21:15:37

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

5.3

CVE-2021-28164

Exploit
  • EPSS 93.52%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:13

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF...

4

CVE-2021-28163

Exploit
  • EPSS 0.21%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:12

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps thems...

5.3

CVE-2020-27223

  • EPSS 33.82%
  • Published 26.02.2021 22:15:19
  • Last modified 20.08.2025 10:15:27

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) ...

5.8

CVE-2020-27218

  • EPSS 0.6%
  • Published 28.11.2020 01:15:11
  • Last modified 21.11.2024 05:20:52

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if a...

7

CVE-2020-27216

Exploit
  • EPSS 0.03%
  • Published 23.10.2020 13:15:16
  • Last modified 21.11.2024 05:20:52

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can obser...

9.4

CVE-2019-17638

  • EPSS 30.93%
  • Published 09.07.2020 18:15:10
  • Last modified 21.11.2024 04:32:40

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to...

6.1

CVE-2019-17632

  • EPSS 1.46%
  • Published 25.11.2019 22:15:11
  • Last modified 21.11.2024 04:32:40

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in err...

6.1

CVE-2009-5046

  • EPSS 1.05%
  • Published 06.11.2019 20:15:09
  • Last modified 21.11.2024 01:11:03

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

7.5

CVE-2009-5045

  • EPSS 2.64%
  • Published 06.11.2019 20:15:09
  • Last modified 21.11.2024 01:11:03

Dump Servlet information leak in jetty before 6.1.22.