| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-7658 | 7.5 |
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a
|
20-07-2021 - 23:15 | 26-06-2018 - 17:29 | |
| CVE-2017-7657 | 7.5 |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow
|
20-07-2021 - 23:15 | 26-06-2018 - 16:29 | |
| CVE-2017-7656 | 5.0 |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declare
|
20-07-2021 - 23:15 | 26-06-2018 - 15:29 | |
| CVE-2018-12536 | 5.0 |
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the
|
14-05-2021 - 16:15 | 27-06-2018 - 17:29 | |
| CVE-2018-12538 | 6.5 |
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatche
|
20-10-2020 - 22:15 | 22-06-2018 - 19:29 |