Vulnerabilities > Eclipse > Jetty > 9.3.0

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2016-4800 Improper Access Control vulnerability in Eclipse Jetty
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
network
low complexity
eclipse microsoft CWE-284
7.5
7.5
2016-10-07 CVE-2015-2080 Information Exposure vulnerability in multiple products
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
network
low complexity
fedoraproject eclipse CWE-200
5.0
5.0