Vulnerabilities > Eclipse > Jetty > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-6762 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
network
low complexity
eclipse CWE-770
6.5
2024-10-14 CVE-2024-6763 Unspecified vulnerability in Eclipse Jetty
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine .
network
low complexity
eclipse
5.3
2024-10-14 CVE-2024-8184 Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Jetty
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.
network
low complexity
eclipse CWE-770
6.5
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3
2023-09-15 CVE-2023-40167 Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian
5.3
2023-09-15 CVE-2023-36479 Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project.
network
low complexity
eclipse debian
4.3
2023-04-18 CVE-2023-26048 Unspecified vulnerability in Eclipse Jetty
Jetty is a java based web server and servlet engine.
network
low complexity
eclipse
5.3
2023-04-18 CVE-2023-26049 Jetty is a java based web server and servlet engine.
network
low complexity
eclipse debian netapp
5.3
2021-07-15 CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse netapp oracle
5.3
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3