Product:

Jetty

(Eclipse)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 36
Date Id Summary Products Score Patch Annotated
2017-04-13 CVE-2016-4800 The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. Jetty 9.8
2019-11-06 CVE-2009-5046 JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. Debian_linux, Jetty N/A
2019-11-06 CVE-2009-5045 Dump Servlet information leak in jetty before 6.1.22. Debian_linux, Jetty N/A
2019-03-27 CVE-2018-12545 In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. Jetty 7.5
2016-10-07 CVE-2015-2080 The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. Jetty, Fedora 7.5