Vulnerabilities > Eclipse > Jetty > 9.4.26

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-36478 Resource Exhaustion vulnerability in multiple products
Eclipse Jetty provides a web server and servlet container.
network
low complexity
eclipse jenkins debian CWE-400
7.5
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3
2023-09-15 CVE-2023-40167 Improper Handling of Length Parameter Inconsistency vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-130
5.3
2023-09-15 CVE-2023-36479 Improper Neutralization of Quoting Syntax vulnerability in multiple products
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project.
network
low complexity
eclipse debian CWE-149
4.3
2023-04-18 CVE-2023-26048 Resource Exhaustion vulnerability in Eclipse Jetty
Jetty is a java based web server and servlet engine.
network
low complexity
eclipse CWE-400
5.3
2023-04-18 CVE-2023-26049 Information Exposure vulnerability in multiple products
Jetty is a java based web server and servlet engine.
network
low complexity
eclipse debian netapp CWE-200
5.3
2022-07-07 CVE-2022-2047 Improper Input Validation vulnerability in multiple products
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname.
network
low complexity
eclipse debian netapp CWE-20
2.7
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
2021-06-22 CVE-2021-34428 Insufficient Session Expiration vulnerability in multiple products
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager.
3.5