CVSS: 7.0EPSS: 0%CPEs: 33EXPL: 2CVE-2020-27216 – jetty: local temporary directory hijacking vulnerability
https://notcve.org/view.php?id=CVE-2020-27216
23 Oct 2020 — In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 • CWE-377: Insecure Temporary File CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 9.4EPSS: 32%CPEs: 3EXPL: 1CVE-2019-17638 – jetty: double release of resource can lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-17638
09 Jul 2020 — In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to ... • https://github.com/forse01/CVE-2019-17638-Jetty • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-672: Operation on a Resource after Expiration or Release CWE-675: Multiple Operations on Resource in Single-Operation Context •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17632
https://notcve.org/view.php?id=CVE-2019-17632
25 Nov 2019 — In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. En Eclipse Jetty versiones 9.4.21.v20190926, 9.4.22.v20191022 y 9.4.23.v20191118, la generación de contenido de respuesta de Error no controlado predeterminado (en Content-Type text/html y text/json ) no escapa a los mensajes Exception en stacktraces ... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 26%CPEs: 139EXPL: 0CVE-2019-10241 – jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
https://notcve.org/view.php?id=CVE-2019-10241
22 Apr 2019 — In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. Eclipse Jetty versiones 9.2.26 y anteriores, 9.3.25 y anteriores, 9.3.25 y anteriores, y 9.4.15 y anteriores. El servidor es vulnerable a un Cross-Site Scripting (XSS) si un cliente remoto emplea una URL especialmente formada ... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 55EXPL: 0CVE-2019-10246
https://notcve.org/view.php?id=CVE-2019-10246
22 Apr 2019 — In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. En Eclipse Jetty versión 9.2.27, versión 9.3.26 y versión 9.4.16 , el servidor que es ejecutado en Windows es vulnerable a la exposición del nombre del... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 5.3EPSS: 6%CPEs: 335EXPL: 0CVE-2019-10247 – jetty: error path information disclosure
https://notcve.org/view.php?id=CVE-2019-10247
22 Apr 2019 — In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the ... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 7.5EPSS: 4%CPEs: 85EXPL: 0CVE-2018-12545
https://notcve.org/view.php?id=CVE-2018-12545
27 Mar 2019 — In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. En Eclipse Jetty, en versiones 9.3.x y 9.4.x, el servidor es vulnerable a una denegación de servicio (DoS) si un cliente remoto envía frames SETTINGs bastante largos que contienen mucha... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 2%CPEs: 7EXPL: 0CVE-2018-12536 – jetty: full server path revealed when using the default Error Handling
https://notcve.org/view.php?id=CVE-2018-12536
27 Jun 2018 — In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPath... • http://www.securitytracker.com/id/1041194 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 7%CPEs: 29EXPL: 0CVE-2017-7658 – jetty: Incorrect header handling
https://notcve.org/view.php?id=CVE-2017-7658
26 Jun 2018 — In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imp... • http://www.securityfocus.com/bid/106566 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 4%CPEs: 27EXPL: 0CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
26 Jun 2018 — In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrar... • http://www.securitytracker.com/id/1041194 • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •