CVE-2022-2047
jetty-http: improver hostname input handling
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
En Eclipse Jetty versiones 9.4.0 hasta 9.4.46, y 10.0.0 hasta 10.0.9, y 11.0.0 hasta 11.0.9, el análisis sintáctico del segmento de autoridad de un URI de esquema http, la clase Jetty HttpURI detecta inapropiadamente una entrada no válida como nombre de host. Esto puede conllevar a fallos en un escenario Proxy
A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-09 CVE Reserved
- 2022-07-07 CVE Published
- 2024-01-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20220901-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | 2022-10-25 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2022/dsa-5198 | 2022-10-25 | |
| https://access.redhat.com/security/cve/CVE-2022-2047 | 2023-04-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2116949 | 2023-04-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eclipse Search vendor "Eclipse" | Jetty Search vendor "Eclipse" for product "Jetty" | < 9.4.46 Search vendor "Eclipse" for product "Jetty" and version " < 9.4.46" | - |
Affected
| ||||||
| Eclipse Search vendor "Eclipse" | Jetty Search vendor "Eclipse" for product "Jetty" | >= 10.0.0 < 10.0.9 Search vendor "Eclipse" for product "Jetty" and version " >= 10.0.0 < 10.0.9" | - |
Affected
| ||||||
| Eclipse Search vendor "Eclipse" | Jetty Search vendor "Eclipse" for product "Jetty" | >= 11.0.0 <= 11.0.9 Search vendor "Eclipse" for product "Jetty" and version " >= 11.0.0 <= 11.0.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Plug-in For Vcenter Server Search vendor "Netapp" for product "Element Plug-in For Vcenter Server" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Element Software And Netapp Hci Search vendor "Netapp" for product "Management Services For Element Software And Netapp Hci" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire \& Hci Storage Node Search vendor "Netapp" for product "Solidfire \& Hci Storage Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Affected
| ||||||