12.0.16
15 years ago
13 days ago
Known vulnerabilities in the org.eclipse.jetty:jetty-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Denial of Service (DoS) via the How to fix Denial of Service (DoS)? Upgrade | [9.3.12,9.4.56)[10.0.0,10.0.24)[11.0.0,11.0.24)[12.0.0,12.0.9) |
org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the Notes:
How to fix Improper Validation of Syntactic Correctness of Input? Upgrade | [,12.0.12) |
org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Information Exposure such that nonstandard cookie parsing may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with Note:
A cookie header such as: How to fix Information Exposure? Upgrade | [,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0alpha0,12.0.0.beta0) |
org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Denial of Service (DoS) such that servlets with multipart support (e.g. annotated with Note: This happens even with the default settings of How to fix Denial of Service (DoS)? Upgrade | [,9.4.51)[10.0.0,10.0.14)[11.0.0,11.0.14)[12.0.0.alpha0,12.0.0.beta0) |