Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2016-4800 Improper Access Control vulnerability in Eclipse Jetty
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
network
low complexity
eclipse CWE-284
critical
9.8
2017-03-24 CVE-2017-7243 NULL Pointer Dereference vulnerability in Eclipse Tinydtls 0.8.2
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.
network
low complexity
eclipse CWE-476
7.5
2016-10-07 CVE-2015-2080 Information Exposure vulnerability in multiple products
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
network
low complexity
fedoraproject eclipse CWE-200
7.5