Vulnerabilities > Eclipse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-13 | CVE-2016-4800 | Improper Access Control vulnerability in Eclipse Jetty The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | 9.8 |
2017-03-24 | CVE-2017-7243 | NULL Pointer Dereference vulnerability in Eclipse Tinydtls 0.8.2 Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. | 7.5 |
2016-10-07 | CVE-2015-2080 | Information Exposure vulnerability in multiple products The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | 7.5 |