High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-36478	Resource Exhaustion vulnerability in multiple products Eclipse Jetty provides a web server and servlet container. network low complexity eclipse jenkins debian CWE-400	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2022-07-07	CVE-2022-2048	In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. network low complexity eclipse debian netapp jenkins	7.5
2022-07-07	CVE-2022-2191	Improper Resource Shutdown or Release vulnerability in Eclipse Jetty In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. network low complexity eclipse CWE-404	7.5
2021-04-01	CVE-2021-28165	Improper Handling of Exceptional Conditions vulnerability in multiple products In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. network low complexity eclipse oracle jenkins netapp CWE-755	7.5
2020-10-23	CVE-2020-27216	In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. local high complexity eclipse netapp oracle apache debian	7.0
2019-11-06	CVE-2009-5045	Information Exposure vulnerability in multiple products Dump Servlet information leak in jetty before 6.1.22. network low complexity eclipse debian CWE-200	7.5
2019-03-27	CVE-2018-12545	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. network low complexity eclipse fedoraproject CWE-770	7.5
2018-06-26	CVE-2017-7656	In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. network low complexity eclipse debian	7.5
2018-06-22	CVE-2018-12538	Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. network low complexity eclipse netapp CWE-384	8.8