org.eclipse.jetty:jetty-http@7.6.7.v20120910 vulnerabilities
-
latest version
12.0.15
-
latest non vulnerable version
-
first published
16 years ago
-
latest version published
21 days ago
-
licenses detected
- (Apache-2.0 OR EPL-1.0)[7.0.0.M0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.eclipse.jetty:jetty-http package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the Notes:
How to fix Improper Validation of Syntactic Correctness of Input? Upgrade |
[,12.0.12)
|
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Information Exposure such that nonstandard cookie parsing may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with Note:
A cookie header such as: How to fix Information Exposure? Upgrade |
[,9.4.51)
[10.0.0,10.0.14)
[11.0.0,11.0.14)
[12.0.0alpha0,12.0.0.beta0)
|
org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to Improper Input Validation due to improper URI paring in the How to fix Improper Input Validation? Upgrade |
[,9.4.47)
[10.0.0-alpha0,10.0.10)
[11.0.0-alpha0,11.0.10)
|