CVE-2018-12538
https://notcve.org/view.php?id=CVE-2018-12538
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. En Eclipse Jetty, desde la versión 9.4.0 hasta la 9.4.8, al emplear el FileSessionDataStore opcional provisto por Jetty para el almacenamiento persistente de detalles HttpSession, es posible que un usuario malicioso acceda/secuestre otras HttpSessions e incluso elimine HttpSessions sin coincidencias presentes en el almacenamiento FileSystem para FileSessionDataStore. • http://www.securitytracker.com/id/1041194 https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://security.netapp.com/advisory/ntap-20181014-0001 https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html • CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length CWE-384: Session Fixation •
CVE-2017-9735
https://notcve.org/view.php?id=CVE-2017-9735
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. Jetty hasta la versión 9.4.x es propenso a una sincronización de canal en util/security/Password.java, lo que facilita que atacantes remotos obtengan acceso observando el tiempo transcurrido antes de rechazar contraseñas incorrectas. SR 760 Feeder Protection Relay, en versiones de firmware anteriores a la 7.47; SR 469 Motor Protection Relay, en versiones de firmware anteriores a la 5.23; SR 489 Generator Protection Relay, en versiones de firmware anteriores a la 4.06; SR 745 Transformer Protection Relay, en versiones de firmware anteriores a la 5.23; SR 369 Motor Protection Relay, en todas las versiones de firmware; Multilin Universal Relay, en versiones de firmware 6.0 y anteriores; y Multilin URplus (D90, C90, B95), en todas las versiones. Las versiones en texto cifrado de contraseñas de usuario fueron creadas con un vector de inicialización no aleatorio, dejándolas expuestas a ataques de diccionario. El texto cifrado de las contraseñas de usuario se pueden obtener del panel LCD de los productos afectados y a través de los comandos Modbus enviados. • http://www.securityfocus.com/bid/99104 https://bugs.debian.org/864631 https://github.com/eclipse/jetty.project/issues/1556 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559%40%3Ccommon-dev.hadoop.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f887a5978f5e • CWE-203: Observable Discrepancy •
CVE-2016-4800 – Eclipse Jetty Protected Resource Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. El mecanismo de normalización de ruta en la clase PathResource en Eclipse Jetty 9.3.x en versiones anteriores a 9.3.9 en Windows permite a los atacantes remotos evitar las restricciones de recursos protegidos y otras restricciones de seguridad a través de una URL con ciertos caracteres de escape relacionados con las barras invertidas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eclipse Jetty. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the ContextHandler class restricts access to protected resources. By issuing a crafted request, an attacker can gain access to the code of a web application deployed in Jetty. • http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00092.html http://www.ocert.org/advisories/ocert-2016-001.html http://www.securityfocus.com/bid/90945 http://www.zerodayinitiative.com/advisories/ZDI-16-362 https://security.netapp.com/advisory/ntap-20190307-0006 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-284: Improper Access Control •
CVE-2015-2080 – Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers
https://notcve.org/view.php?id=CVE-2015-2080
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. El código de manipulación de excepciones en Eclipse Jetty en versiones anteriores a 9.2.9.v20150224 permite a atacantes remotos obtener información sensible de memoria de procesos a través de caracteres no válidos en una cabecera HTTP, vulnerabilidad también conocida como JetLeak. Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server. When the Jetty web server receives a HTTP request, the below code is used to parse through the HTTP headers and their associated values. Inductive Automation versions 7.8.1 (b2016012216) and 7.8.0 (b2015101414) are affected. • https://www.exploit-db.com/exploits/39455 http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html http://seclists.org/fulldisclosure/2015/Mar/12 http://www.securityfocus.com/archive/1/534755/100/1600/threaded http://www.securityfocus.com/bid/72768 http • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •