Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jetty
(Eclipse)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-13 | CVE-2016-4800 | The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | Jetty | 9.8 | ||
| 2019-11-06 | CVE-2009-5046 | JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | Debian_linux, Jetty | N/A | ||
| 2019-11-06 | CVE-2009-5045 | Dump Servlet information leak in jetty before 6.1.22. | Debian_linux, Jetty | N/A | ||
| 2019-03-27 | CVE-2018-12545 | In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. | Jetty | 7.5 | ||
| 2016-10-07 | CVE-2015-2080 | The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | Jetty, Fedora | 7.5 |