pkg:Maven/org.eclipse.jetty:jetty-server

所有已知漏洞

• CRITICAL9.8CVE-2017-7658Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
  from 0, < 9.2.25.v20180606
• CRITICAL9.8CVE-2016-4800Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
  >= 9.3.0, < 9.3.9
• CRITICAL9.8Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
  from 0, < 9.2.25.v20180606
• CRITICAL9.4Operation on a Resource after Expiration or Release in Jetty Server
  >= 9.4.27, < 9.4.30.v20200611
• HIGH8.8Access and integrity issue within Eclipse Jetty
  >= 9.4.0, < 9.4.11.v20180605
• HIGH7.5The Eclipse Jetty Server Artifact has a Gzip request memory leak
  >= 12.1.0, < 12.1.6
• HIGH7.5Jetty SslConnection does not release pooled ByteBuffers in case of errors
  >= 10.0.0, < 10.0.10
• HIGH7.5Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
  >= 7.2.2, < 9.4.39
• HIGH7.5Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
  >= 9.4.0, < 9.4.12.v20180830
• HIGH7.5Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
  from 0, < 9.2.9.v20150224
• HIGH7.5jetty9 - security update
  from 0, < 9.3.24.v20180605
• HIGH7.5jetty9 - security update
  >= 9.4.0, < 9.4.6.v20170531
• HIGH7.2jetty9 - security update
  >= 9.4.0, < 9.4.57.v20241219
• MEDIUM6.1Unescaped exception messages in error responses in Jetty
  >= 9.4.21.v20190926, < 9.4.24.v20191120
• MEDIUM6.1jetty9 - security update
  from 0, < 9.2.27.v20190403
• MEDIUM5.9Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
  >= 12.0.0, < 12.0.9
• MEDIUM5.3jetty9 - security update
  from 0, < 9.4.51.v20230217
• MEDIUM5.3Improper Input Validation in Jetty
  from 0, < 8.1.0.RC4
• MEDIUM5.3DOS vulnerability for Quoted Quality CSV headers
  >= 9.4.6, < 9.4.37
• MEDIUM5.3Information Exposure vulnerability in Eclipse Jetty
  >= 9.2.0, < 9.2.28.v20190418
• MEDIUM5.3Installation information leak in Eclipse Jetty
  >= 7.0.0, < 9.2.28.v20190418
• MEDIUM5.3Eclipse Jetty Server generates error message containing sensitive information
  >= 9.4.0, < 9.4.11.v20180605
• MEDIUM4.8jetty9 - security update
  >= 9.4.0, < 9.4.35.v20201120
• LOW3.5SessionListener can prevent a session from being invalidated breaking logout
  from 0, < 9.4.41
• LOW2.4Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
  from 0, < 9.4.51.v20230217
• —Jetty Uses Predictable Session Identifiers
  from 0, < 4.2.27