CVE search results

21 – 30 of 47 results

Detailed view

Sort by:

CVE-2019-17632

Low priority

Needs evaluation

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in...

3 affected packages

jetty, jetty8, jetty9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	Not in release	Not in release	Not in release	Not in release	Needs evaluation
jetty8	Not in release	Not in release	Not in release	Not in release	Needs evaluation
jetty9	Needs evaluation	Needs evaluation	Not affected	Needs evaluation	Needs evaluation

CVE-2009-5046

Medium priority

Ignored

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

1 affected package

jetty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	—	—	—	—	—

CVE-2009-5045

Low priority

Ignored

Dump Servlet information leak in jetty before 6.1.22.

1 affected package

jetty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	—	—	—	—	—

CVE-2009-5049

Medium priority

Ignored

WebApp JSP Snoop page XSS in jetty though 6.1.21.

1 affected package

jetty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	—	—	—	—	—

CVE-2009-5048

Medium priority

Ignored

Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.

1 affected package

jetty

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	—	—	—	—	—

CVE-2019-10247

Medium priority

Vulnerable

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on...

3 affected packages

jetty, jetty8, jetty9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	Not in release	Not in release	Not in release	Not in release	Vulnerable
jetty8	Not in release	Not in release	Not in release	Not in release	Vulnerable
jetty9	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2019-10246

Medium priority

Not affected

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a...

3 affected packages

jetty, jetty8, jetty9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	—	—	—	Not in release	Not affected
jetty8	—	—	—	Not in release	Not affected
jetty9	—	—	—	Not affected	Not affected

CVE-2019-10241

Low priority

Vulnerable

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is...

3 affected packages

jetty, jetty8, jetty9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty	Not in release	Not in release	Not in release	Not in release	Vulnerable
jetty8	Not in release	Not in release	Not in release	Not in release	Needs evaluation
jetty9	Not affected	Not affected	Not affected	Vulnerable	Not affected

CVE-2018-12545

Medium priority

Not affected

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The...

2 affected packages

jetty8, jetty9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty8	—	—	Not in release	Not in release	Not affected
jetty9	—	—	Not affected	Not affected	Not affected

CVE-2018-12536

Low priority

Vulnerable

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's...

2 affected packages

jetty8, jetty9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jetty8	Not in release	Not in release	Not in release	Not in release	Not affected
jetty9	Not affected	Not affected	Not affected	Not affected	Vulnerable

Export to JSON

Results by page:

Search CVE reports