13 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2024-9823 – Jetty DOS vulnerability on DosFilter

https://notcve.org/view.php?id=CVE-2024-9823

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally. A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service. • https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h https://gitlab.eclipse.org/security/cve-assignement/-/issues/39 https://github.com/jetty/jetty.project/issues/1256 https://access.redhat.com/security/cve/CVE-2024-9823 https://bugzilla.redhat.com/show_bug.cgi?id=2318565 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-22201 – Jetty connection leaking on idle timeout when TCP congested

https://notcve.org/view.php?id=CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. Jetty es un servidor web y motor de servlet basado en Java. • http://www.openwall.com/lists/oss-security/2024/03/20/2 https://github.com/jetty/jetty.project/issues/11256 https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html https://security.netapp.com/advisory/ntap-20240329-0001 https://access.redhat.com/security/cve/CVE-2024-22201 https://bugzilla.redhat.com/show_bug.cgi?id=2266136 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.0EPSS: 7%CPEs: 2EXPL: 0

CVE-2007-6672

https://notcve.org/view.php?id=CVE-2007-6672

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. Mortbay Jetty versiones 6.1.5 y 6.1.6, permite a atacantes remotos omitir los mecanismos de protección y leer la fuente de archivos por medio de múltiples caracteres "/" (barra diagonal) en el URI. • http://jira.codehaus.org/browse/JETTY-386#action_117699 http://jira.codehaus.org/browse/JETTY/fixforversion/13950 http://osvdb.org/39855 http://secunia.com/advisories/28322 http://secunia.com/advisories/28547 http://www.igniterealtime.org/community/message/163752 http://www.kb.cert.org/vuls/id/553235 http://www.securityfocus.com/bid/27117 http://www.vupen.com/english/advisories/2008/0079 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2007-5613

https://notcve.org/view.php?id=CVE-2007-5613

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Dump Servlet de Mortbay Jetty anterior a 6.1.6rc1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante parámetro y cookies no especificados. • http://jira.codehaus.org/browse/JETTY-452 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/42497 http://secunia.com/advisories/27925 http://secunia.com/advisories/30941 http://secunia.com/advisories/35143 http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt http://www.kb.cert.org/vuls/id/237888 http://www.securityfocus.com/bid/26697 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html https://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0

CVE-2007-5614

https://notcve.org/view.php?id=CVE-2007-5614

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. Mortbay Jetty anterior a 6.1.6rc1 no maneja adecuadamente "ciertas secuencias de comillas" en parámetros de cookie HTML, lo cual permite a atacantes remotos secuestrar sesiones del navegador mediante vectores no especificados. • http://osvdb.org/42496 http://secunia.com/advisories/27925 http://secunia.com/advisories/30941 http://secunia.com/advisories/35143 http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt http://www.kb.cert.org/vuls/id/438616 http://www.securityfocus.com/bid/26695 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html •