CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2023-41900 – Jetty's OpenId Revoked authentication allows one request
https://notcve.org/view.php?id=CVE-2023-41900
15 Sep 2023 — Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenti... • https://github.com/eclipse/jetty.project/pull/9528 • CWE-287: Improper Authentication CWE-1390: Weak Authentication •
CVSS: 5.3EPSS: 3%CPEs: 12EXPL: 1CVE-2023-40167 – Jetty accepts "+" prefixed value in Content-Length
https://notcve.org/view.php?id=CVE-2023-40167
15 Sep 2023 — Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending suc... • https://github.com/uthrasri/Jetty-v9.4.31_CVE-2023-40167 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 4.3EPSS: 2%CPEs: 11EXPL: 1CVE-2023-36479 – Jetty vulnerable to errant command quoting in CGI Servlet
https://notcve.org/view.php?id=CVE-2023-36479
15 Sep 2023 — Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided ... • https://github.com/eclipse/jetty.project/pull/9516 • CWE-149: Improper Neutralization of Quoting Syntax •
CVSS: 9.0EPSS: 1%CPEs: 3EXPL: 0CVE-2023-4759 – Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write
https://notcve.org/view.php?id=CVE-2023-4759
12 Sep 2023 — Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (... • https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-178: Improper Handling of Case Sensitivity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28366 – mosquitto: memory leak leads to unresponsive broker
https://notcve.org/view.php?id=CVE-2023-28366
01 Sep 2023 — The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. El intermediario en Eclipse Mosquitto 1.3.2 hasta 2.x anterior a 2.0.16 tiene una pérdida de memoria de la que se puede abusar de forma remota cuando un cliente envía muchos mensajes QoS 2 con ID de mensajes duplicados ... • https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-41034 – DDFFileParser in eclipse leshan is vulnerable to XXE Attacks
https://notcve.org/view.php?id=CVE-2023-41034
31 Aug 2023 — Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml ... • https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2597
https://notcve.org/view.php?id=CVE-2023-2597
22 May 2023 — In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. • https://github.com/eclipse-openj9/openj9/pull/17259 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32081 – Vert.x STOMP server process client frames that would not send initially a connect frame
https://notcve.org/view.php?id=CVE-2023-32081
12 May 2023 — Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched... • https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 1%CPEs: 14EXPL: 3CVE-2023-26049 – Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty
https://notcve.org/view.php?id=CVE-2023-26049
18 Apr 2023 — Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as o... • https://github.com/hshivhare67/Jetty_v9.4.31_CVE-2023-26049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 5.3EPSS: 32%CPEs: 3EXPL: 2CVE-2023-26048 – OutOfMemoryError for large multipart without filename in Eclipse Jetty
https://notcve.org/view.php?id=CVE-2023-26048
18 Apr 2023 — Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may s... • https://github.com/Trinadh465/jetty_9.4.31_CVE-2023-26048 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •