Information on source package jetty

Available versions

ReleaseVersion
jessie6.1.26-4+deb8u2

Open issues

BugjessieDescription
CVE-2024-9823vulnerableThere exists a security vulnerability in Jetty's DosFilter which can b ...
CVE-2024-8184vulnerableThere exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...
CVE-2024-6763vulnerableEclipse Jetty is a lightweight, highly scalable, Java-based web server ...
CVE-2024-6762vulnerableJetty PushSessionCacheFilter can be exploited by unauthenticated users ...
CVE-2023-26049vulnerableJetty is a java based web server and servlet engine. Nonstandard cooki ...
CVE-2023-26048vulnerableJetty is a java based web server and servlet engine. In affected versi ...
CVE-2020-27218vulnerable (no DSA, ignored)In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...
CVE-2018-12536vulnerable (no DSA, ignored)In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...
CVE-2017-7658vulnerable (no DSA, ignored)In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...
CVE-2017-7657vulnerable (no DSA, ignored)In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...
CVE-2017-7656vulnerable (no DSA, ignored)In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...

Open unimportant issues

BugjessieDescription
CVE-2009-3579vulnerableCross-site scripting (XSS) vulnerability in the CookieDump.java sample ...

Resolved issues

BugDescription
CVE-2021-34429For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0. ...
CVE-2021-34428For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exce ...
CVE-2021-28169For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is poss ...
CVE-2021-28165In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...
CVE-2021-28164In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...
CVE-2021-28163In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...
CVE-2020-27223In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...
CVE-2020-27216In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...
CVE-2019-17638In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...
CVE-2019-17632In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...
CVE-2019-10247In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...
CVE-2019-10246In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server runnin ...
CVE-2019-10241In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...
CVE-2018-12538In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional ...
CVE-2017-9735Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...
CVE-2016-4800The path normalization mechanism in PathResource class in Eclipse Jett ...
CVE-2015-2080The exception handling code in Eclipse Jetty before 9.2.9.v20150224 al ...
CVE-2011-4461Jetty 8.1.0.RC2 and earlier computes hash values for form parameters w ...
CVE-2011-4404The default configuration of the HTTP server in Jetty in vSphere Updat ...
CVE-2009-5049WebApp JSP Snoop page XSS in jetty though 6.1.21.
CVE-2009-5048Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.
CVE-2009-5046JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
CVE-2009-5045Dump Servlet information leak in jetty before 6.1.22.
CVE-2009-4612Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...
CVE-2009-4611Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data with ...
CVE-2009-4610Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...
CVE-2009-4609The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attacke ...
CVE-2009-1524Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1. ...
CVE-2009-1523Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...
CVE-2007-6672Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protec ...
CVE-2007-5615CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows r ...
CVE-2007-5614Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote ...
CVE-2007-5613Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Je ...
CVE-2006-6969Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 befo ...
CVE-2006-2759jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...
CVE-2006-2758Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allow ...
CVE-2005-3747Unspecified vulnerability in Jetty before 5.1.6 allows remote attacker ...
CVE-2004-2381HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote atta ...
CVE-2002-1533Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine a ...
CVE-2002-1178Directory traversal vulnerability in the CGIServlet for Jetty HTTP ser ...

Security announcements

DSA / DLADescription
ELA-443-1jetty - security update
ELA-429-1jetty - security update
DLA-1020-1jetty - security update

Search for package or bug name: Reporting problems