Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5115 (GCVE-0-2025-5115)
Vulnerability from cvelistv5
Published
2025-08-20 19:07
Modified
2025-08-21 10:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.
For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.
Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.
The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.
The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.
Links:
* https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Jetty | Eclipse Jetty |
Version: >=9.3.0 ≤ <=9.4.57 Version: >=10.0.0 ≤ <=10.0.25 Version: >=11.0.0 ≤ <=11.0.25 Version: >=12.0.0 ≤ <=12.0.21 Version: >=12.1.0.alpha0 ≤ <=12.1.0.alpha2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T19:28:04.700843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T19:28:12.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.eclipse.jetty.http2/http2-common",
"product": "Eclipse Jetty",
"repo": "https://github.com/jetty/jetty.project",
"vendor": "Eclipse Jetty",
"versions": [
{
"lessThanOrEqual": "\u003c=9.4.57",
"status": "affected",
"version": "\u003e=9.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.0.25",
"status": "affected",
"version": "\u003e=10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=11.0.25",
"status": "affected",
"version": "\u003e=11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=12.0.21",
"status": "affected",
"version": "\u003e=12.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=12.1.0.alpha2",
"status": "affected",
"version": "\u003e=12.1.0.alpha0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Eclipse Jetty, versions \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\u003c/p\u003e\n\u003cp\u003eFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update\"\u003e\u003c/a\u003e, the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\u003c/p\u003e\n\u003cp\u003eThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"\u003ehttps://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T10:36:49.477Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MadeYouReset HTTP/2 vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-5115",
"datePublished": "2025-08-20T19:07:11.546Z",
"dateReserved": "2025-05-23T08:55:59.861Z",
"dateUpdated": "2025-08-21T10:36:49.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5115\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-08-20T20:15:33.377\",\"lastModified\":\"2025-08-22T18:09:17.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\\n\\n\\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\\n\\n\\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\\n\\n\\n\\nLinks:\\n\\n\\n\\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"},{\"lang\":\"es\",\"value\":\"En Eclipse Jetty, versiones \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, un cliente HTTP/2 puede provocar que el servidor env\u00ede tramas RST_STREAM, por ejemplo, enviando tramas con formato incorrecto o que no deber\u00edan enviarse en un estado de flujo espec\u00edfico, lo que obliga al servidor a consumir recursos como CPU y memoria. Por ejemplo, un cliente puede abrir un flujo y luego enviar tramas WINDOW_UPDATE con un incremento de tama\u00f1o de ventana de 0, lo cual es ilegal. Seg\u00fan la especificaci\u00f3n https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update, el servidor debe enviar una trama RST_STREAM. El cliente ahora puede abrir otra transmisi\u00f3n y enviar otra WINDOW_UPDATE incorrecta, lo que provoca que el servidor consuma m\u00e1s recursos de los necesarios. En este caso, no se supera el n\u00famero m\u00e1ximo de transmisiones simult\u00e1neas, pero el cliente puede crear una enorme cantidad de transmisiones en poco tiempo. El ataque puede ejecutarse con otras condiciones (por ejemplo, una trama DATA para una transmisi\u00f3n cerrada) que provocan que el servidor env\u00ede una trama RST_STREAM. Enlaces: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/pull/13449\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\",\"source\":\"emo@eclipse.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5115\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T19:28:04.700843Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-20T19:28:07.991Z\"}}], \"cna\": {\"title\": \"MadeYouReset HTTP/2 vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/jetty/jetty.project\", \"vendor\": \"Eclipse Jetty\", \"product\": \"Eclipse Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e=9.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=9.4.57\"}, {\"status\": \"affected\", \"version\": \"\u003e=10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.0.25\"}, {\"status\": \"affected\", \"version\": \"\u003e=11.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=11.0.25\"}, {\"status\": \"affected\", \"version\": \"\u003e=12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=12.0.21\"}, {\"status\": \"affected\", \"version\": \"\u003e=12.1.0.alpha0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=12.1.0.alpha2\"}], \"packageName\": \"pkg:maven/org.eclipse.jetty.http2/http2-common\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/jetty/jetty.project/pull/13449\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\\n\\n\\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\\n\\n\\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\\n\\n\\n\\nLinks:\\n\\n\\n\\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Eclipse Jetty, versions \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\u003c/p\u003e\\n\u003cp\u003eFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update\\\"\u003e\u003c/a\u003e, the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\u003c/p\u003e\\n\u003cp\u003eThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\u003c/p\u003e\\n\\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\\\"\u003ehttps://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-08-21T10:36:49.477Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5115\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T10:36:49.477Z\", \"dateReserved\": \"2025-05-23T08:55:59.861Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-08-20T19:07:11.546Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2025-5115
Vulnerability from fkie_nvd
Published
2025-08-20 20:15
Modified
2025-08-22 18:09
Severity ?
Summary
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.
For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.
Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.
The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.
The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.
Links:
* https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
References
| URL | Tags | ||
|---|---|---|---|
| emo@eclipse.org | https://github.com/jetty/jetty.project/pull/13449 | ||
| emo@eclipse.org | https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26 | ||
| emo@eclipse.org | https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26 | ||
| emo@eclipse.org | https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25 | ||
| emo@eclipse.org | https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0 | ||
| emo@eclipse.org | https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814 | ||
| emo@eclipse.org | https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"lang": "es",
"value": "En Eclipse Jetty, versiones \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, un cliente HTTP/2 puede provocar que el servidor env\u00ede tramas RST_STREAM, por ejemplo, enviando tramas con formato incorrecto o que no deber\u00edan enviarse en un estado de flujo espec\u00edfico, lo que obliga al servidor a consumir recursos como CPU y memoria. Por ejemplo, un cliente puede abrir un flujo y luego enviar tramas WINDOW_UPDATE con un incremento de tama\u00f1o de ventana de 0, lo cual es ilegal. Seg\u00fan la especificaci\u00f3n https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update, el servidor debe enviar una trama RST_STREAM. El cliente ahora puede abrir otra transmisi\u00f3n y enviar otra WINDOW_UPDATE incorrecta, lo que provoca que el servidor consuma m\u00e1s recursos de los necesarios. En este caso, no se supera el n\u00famero m\u00e1ximo de transmisiones simult\u00e1neas, pero el cliente puede crear una enorme cantidad de transmisiones en poco tiempo. El ataque puede ejecutarse con otras condiciones (por ejemplo, una trama DATA para una transmisi\u00f3n cerrada) que provocan que el servidor env\u00ede una trama RST_STREAM. Enlaces: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"id": "CVE-2025-5115",
"lastModified": "2025-08-22T18:09:17.710",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2025-08-20T20:15:33.377",
"references": [
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
}
ncsc-2025-0323
Vulnerability from csaf_ncscnl
Published
2025-10-17 08:04
Modified
2025-10-17 08:04
Summary
Kwetsbaarheden verholpen in SAP Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in diverse SAP producten.
Interpretaties
De kwetsbaarheden omvatten een deserialisatie kwetsbaarheid die ongeauthenticeerde aanvallers in staat stelt om willekeurige OS-commando's uit te voeren, en een CSRF-kwetsbaarheid die geauthenticeerde aanvallers in staat stelt om kritieke autorisatiecontroles te omzeilen. Daarnaast zijn er kwetsbaarheden die leiden tot ongeautoriseerde toegang tot gevoelige ABAP-code en de mogelijkheid om verwerkingsregels te verwijderen zonder de juiste autorisatie. Deze kwetsbaarheden kunnen leiden tot ernstige gevolgen voor de integriteit en vertrouwelijkheid van de applicatie.
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
medium
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-35
Path Traversal: '.../...//'
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-204
Observable Response Discrepancy
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-400
Uncontrolled Resource Consumption
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-476
NULL Pointer Dereference
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-502
Deserialization of Untrusted Data
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-863
Incorrect Authorization
CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in diverse SAP producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten een deserialisatie kwetsbaarheid die ongeauthenticeerde aanvallers in staat stelt om willekeurige OS-commando\u0027s uit te voeren, en een CSRF-kwetsbaarheid die geauthenticeerde aanvallers in staat stelt om kritieke autorisatiecontroles te omzeilen. Daarnaast zijn er kwetsbaarheden die leiden tot ongeautoriseerde toegang tot gevoelige ABAP-code en de mogelijkheid om verwerkingsregels te verwijderen zonder de juiste autorisatie. Deze kwetsbaarheden kunnen leiden tot ernstige gevolgen voor de integriteit en vertrouwelijkheid van de applicatie.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "medium",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"title": "CWE-1004"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in SAP Producten",
"tracking": {
"current_release_date": "2025-10-17T08:04:54.828451Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0323",
"initial_release_date": "2025-10-17T08:04:54.828451Z",
"revision_history": [
{
"date": "2025-10-17T08:04:54.828451Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Application Server for ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Cloud Appliance Library Appliances"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Commerce Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Financial Service Claims Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "NetWeaver Application Server for ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Netweaver"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Netweaver AS ABAP and ABAP Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Print Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "S4HANA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "SAP Commerce Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Supplier Relationship Management"
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-42944",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in SAP NetWeaver\u0027s RMI-P4 module allows unauthenticated attackers to execute arbitrary OS commands, posing significant security risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42944.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42944"
},
{
"cve": "CVE-2025-42937",
"cwe": {
"id": "CWE-35",
"name": "Path Traversal: \u0027.../...//\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "description",
"text": "SAP Print Service (SAPSprint) contains a directory traversal vulnerability that allows unauthenticated attackers to manipulate path information, potentially compromising system files and affecting the application\u0027s confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42937 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42937.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42937"
},
{
"cve": "CVE-2025-42910",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "other",
"text": "Unrestricted Upload of File with Dangerous Type",
"title": "CWE-434"
},
{
"category": "description",
"text": "SAP Supplier Relationship Management has an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary files, potentially leading to malware execution and compromising the application\u0027s confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42910 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42910.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42910"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain versions of Eclipse Jetty, allowing attackers to exploit malformed control frames for resource exhaustion and denial of service, alongside a related DoS vulnerability in SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-48913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache CXF allow untrusted users to configure JMS with RMI or LDAP URLs, leading to potential code execution, with specific versions recommended for upgrade to address these issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48913.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2025-0059",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"title": "CWE-497"
},
{
"category": "description",
"text": "SAP NetWeaver Application Server ABAP applications using SAP GUI for HTML have a vulnerability that allows attackers with administrative privileges to access sensitive user data stored in local browser storage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-0059"
},
{
"cve": "CVE-2025-42901",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "The SAP Application Server for ABAP has vulnerabilities allowing authenticated attackers to execute malicious JavaScript payloads and perform code injection via the BAPI explorer and BAPI Browser, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42901"
},
{
"cve": "CVE-2025-42908",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "description",
"text": "A CSRF vulnerability in SAP NetWeaver Application Server for ABAP enables authenticated attackers to bypass authorization checks, leading to unauthorized transactions that compromise system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42908 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42908.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42908"
},
{
"cve": "CVE-2025-42906",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "SAP Commerce Cloud contains a directory traversal vulnerability that allows unauthorized access to the Administration Console from unintended addresses, posing a low risk to confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42906"
},
{
"cve": "CVE-2025-42902",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform allows unauthenticated attackers to crash the application server via corrupted SAP Logon or Assertion Tickets, impacting availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42902 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42902.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42902"
},
{
"cve": "CVE-2025-42939",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "SAP S/4HANA (Manage Processing Rules - For Bank Statements) has a vulnerability allowing authenticated attackers to delete shared rule conditions due to a missing authorization check, compromising application integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42939 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42939.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42939"
},
{
"cve": "CVE-2025-31331",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "SAP NetWeaver has a vulnerability that enables attackers to bypass authorization checks, allowing unauthorized access to sensitive ABAP code and compromising confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31331 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31331.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-31331"
},
{
"cve": "CVE-2025-42903",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "description",
"text": "A vulnerability in SAP Financial Service Claims Management\u0027s RFC function ICL_USER_GET_NAME_AND_ADDRESS allows for user enumeration and potential personal data exposure, presenting a low confidentiality risk.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42903.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42903"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache POI, Oracle Business Process Management Suite, and SAP BusinessObjects expose systems to risks including improper input validation, unauthenticated access, and deserialization issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-42909",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "other",
"text": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"title": "CWE-1004"
},
{
"category": "description",
"text": "SAP Cloud Appliance Library Appliances have a security misconfiguration vulnerability that allows high-privilege attackers to exploit insecure default profile settings to access other appliances, posing a low risk to confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42909 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42909.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.0,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11"
]
}
],
"title": "CVE-2025-42909"
}
]
}
rhsa-2025:16457
Vulnerability from csaf_redhat
Published
2025-09-23 09:44
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.16. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.16. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16457",
"url": "https://access.redhat.com/errata/RHSA-2025:16457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16457.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16457",
"initial_release_date": "2025-09-23T09:44:56+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758336945-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1758337173-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758336945-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1758337173-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758336945-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16457"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16456
Vulnerability from csaf_redhat
Published
2025-09-23 09:44
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
(CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n(CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16456",
"url": "https://access.redhat.com/errata/RHSA-2025:16456"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16456.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16456",
"initial_release_date": "2025-09-23T09:44:51+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758259817-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1758260106-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758259817-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1758260106-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758259817-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16456"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16455
Vulnerability from csaf_redhat
Published
2025-09-23 09:40
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 Openshift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.18. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
(CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.18. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n(CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16455",
"url": "https://access.redhat.com/errata/RHSA-2025:16455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16455.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 Openshift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16455",
"initial_release_date": "2025-09-23T09:40:23+00:00",
"revision_history": [
{
"date": "2025-09-23T09:40:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:40:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.18",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758260563-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758260563-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758260563-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.18.1758260849-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758260563-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.18.1758260849-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758260563-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:40:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16455"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:17567
Vulnerability from csaf_redhat
Published
2025-10-08 14:48
Modified
2025-10-15 09:14
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update
Notes
Topic
Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2025-5115) jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
* (CVE-2025-5115) jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
* (CVE-2025-5115) jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
* (CVE-2025-27533) activemq-openwire-legacy: ActiveMQ: Unvalidated Buffer Size Allocation
* (CVE-2025-58056) netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
* (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-5115) jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-5115) jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-5115) jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-27533) activemq-openwire-legacy: ActiveMQ: Unvalidated Buffer Size Allocation\n* (CVE-2025-58056) netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n* (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17567",
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#important",
"url": "https://access.redhat.com/security/updates/classification#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.2"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13"
},
{
"category": "external",
"summary": "2364684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364684"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "ENTMQBR-10093",
"url": "https://issues.redhat.com/browse/ENTMQBR-10093"
},
{
"category": "external",
"summary": "ENTMQBR-10099",
"url": "https://issues.redhat.com/browse/ENTMQBR-10099"
},
{
"category": "external",
"summary": "ENTMQBR-9917",
"url": "https://issues.redhat.com/browse/ENTMQBR-9917"
},
{
"category": "external",
"summary": "ENTMQBR-9921",
"url": "https://issues.redhat.com/browse/ENTMQBR-9921"
},
{
"category": "external",
"summary": "ENTMQBR-9932",
"url": "https://issues.redhat.com/browse/ENTMQBR-9932"
},
{
"category": "external",
"summary": "ENTMQBR-9933",
"url": "https://issues.redhat.com/browse/ENTMQBR-9933"
},
{
"category": "external",
"summary": "ENTMQBR-9934",
"url": "https://issues.redhat.com/browse/ENTMQBR-9934"
},
{
"category": "external",
"summary": "ENTMQBR-9936",
"url": "https://issues.redhat.com/browse/ENTMQBR-9936"
},
{
"category": "external",
"summary": "ENTMQBR-9947",
"url": "https://issues.redhat.com/browse/ENTMQBR-9947"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17567.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update",
"tracking": {
"current_release_date": "2025-10-15T09:14:38+00:00",
"generator": {
"date": "2025-10-15T09:14:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:17567",
"initial_release_date": "2025-10-08T14:48:34+00:00",
"revision_history": [
{
"date": "2025-10-08T14:48:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-08T14:48:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-15T09:14:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7.13.2",
"product": {
"name": "Red Hat AMQ Broker 7.13.2",
"product_id": "Red Hat AMQ Broker 7.13.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-08T14:48:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2025-05-07T10:00:42.526701+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2364684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache ActiveMQ. This vulnerability allows denial of service by depleting process memory via unmarshalling OpenWire commands without proper size validation when not using mutual TLS connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27533"
},
{
"category": "external",
"summary": "RHBZ#2364684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27533"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/1",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg",
"url": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg"
}
],
"release_date": "2025-05-07T08:59:00.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-08T14:48:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-08T14:48:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
}
]
}
rhsa-2025:16460
Vulnerability from csaf_redhat
Published
2025-09-23 10:09
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16460",
"url": "https://access.redhat.com/errata/RHSA-2025:16460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16460.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16460",
"initial_release_date": "2025-09-23T10:09:41+00:00",
"revision_history": [
{
"date": "2025-09-23T10:09:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:09:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758298953-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1758299004-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758298953-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1758299004-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758298953-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:09:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16460"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16459
Vulnerability from csaf_redhat
Published
2025-09-23 09:47
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16459",
"url": "https://access.redhat.com/errata/RHSA-2025:16459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16459.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16459",
"initial_release_date": "2025-09-23T09:47:46+00:00",
"revision_history": [
{
"date": "2025-09-23T09:47:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:47:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758299374-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1758299735-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758299374-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1758299735-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758299374-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:47:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16459"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16461
Vulnerability from csaf_redhat
Published
2025-09-23 10:10
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16461",
"url": "https://access.redhat.com/errata/RHSA-2025:16461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16461",
"initial_release_date": "2025-09-23T10:10:12+00:00",
"revision_history": [
{
"date": "2025-09-23T10:10:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:10:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302106-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1758302383-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302106-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1758302383-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758302106-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:10:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16461"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:14911
Vulnerability from csaf_redhat
Published
2025-08-28 18:38
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.6 for Spring Boot release.
Notes
Topic
Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* jetty-http2-client: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-client-transport: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* jetty-http2-client: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-client-transport: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14911",
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14911.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.6 for Spring Boot release.",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:14911",
"initial_release_date": "2025-08-28T18:38:33+00:00",
"revision_history": [
{
"date": "2025-08-28T18:38:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-28T18:38:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9",
"product": {
"name": "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9",
"product_id": "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.10"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T18:38:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T18:38:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
}
]
}
rhsa-2025:16462
Vulnerability from csaf_redhat
Published
2025-09-23 10:09
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16462",
"url": "https://access.redhat.com/errata/RHSA-2025:16462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16462.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:58+00:00",
"generator": {
"date": "2025-10-13T22:37:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16462",
"initial_release_date": "2025-09-23T10:09:56+00:00",
"revision_history": [
{
"date": "2025-09-23T10:09:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:09:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302665-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1758303157-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302665-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1758303157-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758302665-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:09:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16462"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16989
Vulnerability from csaf_redhat
Published
2025-09-29 17:36
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Offline Knowledge Portal update
Notes
Topic
Red Hat Offline Knowledge Portal update
Details
This is an update for the Red Hat Offline Knowledge portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as small fix for the CVE and Errata search applications that adds a trailing slash to search result links that removes an Apache redirect that automatically adds trailing slashes to URLs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Offline Knowledge Portal update",
"title": "Topic"
},
{
"category": "general",
"text": "This is an update for the Red Hat Offline Knowledge portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as small fix for the CVE and Errata search applications that adds a trailing slash to search result links that removes an Apache redirect that automatically adds trailing slashes to URLs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16989",
"url": "https://access.redhat.com/errata/RHSA-2025:16989"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-offline-knowledge-portal",
"url": "https://access.redhat.com/products/red-hat-offline-knowledge-portal"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5115",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-5115/",
"url": "https://access.redhat.com/security/cve/cve-2025-5115/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1.0"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16989.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Offline Knowledge Portal update",
"tracking": {
"current_release_date": "2025-10-13T22:37:58+00:00",
"generator": {
"date": "2025-10-13T22:37:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16989",
"initial_release_date": "2025-09-29T17:36:18+00:00",
"revision_history": [
{
"date": "2025-09-29T17:36:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-29T17:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Offline Knowledge Portal 1.1.2",
"product": {
"name": "Red Hat Offline Knowledge Portal 1.1.2",
"product_id": "Red Hat Offline Knowledge Portal 1.1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:offline_knowledge_portal:1.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Offline Knowledge Portal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3A31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78?arch=amd64\u0026repository_url=registry.redhat.io/offline-knowledge-portal\u0026tag=1.1.2-1759166862"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3A7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd?arch=arm64\u0026repository_url=registry.redhat.io/offline-knowledge-portal\u0026tag=1.1.2-1759166862"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64 as a component of Red Hat Offline Knowledge Portal 1.1.2",
"product_id": "Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64 as a component of Red Hat Offline Knowledge Portal 1.1.2",
"product_id": "Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-29T17:36:18+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command. A satellite subscription is required to download and use this product.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16989"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16454
Vulnerability from csaf_redhat
Published
2025-09-23 09:44
Modified
2025-10-13 22:37
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.19 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.19. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.19. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16454",
"url": "https://access.redhat.com/errata/RHSA-2025:16454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16454.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.19 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-10-13T22:37:56+00:00",
"generator": {
"date": "2025-10-13T22:37:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:16454",
"initial_release_date": "2025-09-23T09:44:32+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-13T22:37:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.19",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758206866-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758206866-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758206866-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.19.1758207171-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758206866-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.19.1758207171-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758206866-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16454"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
suse-su-2025:02993-1
Vulnerability from csaf_suse
Published
2025-09-01 14:04
Modified
2025-09-01 14:04
Summary
Security update for jetty-minimal
Notes
Title of the patch
Security update for jetty-minimal
Description of the patch
This update for jetty-minimal fixes the following issues:
Upgraded to version 9.4.58.v20250814:
- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)
Patchnames
SUSE-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2993,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2993,SUSE-Storage-7.1-2025-2993,openSUSE-SLE-15.6-2025-2993
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgraded to version 9.4.58.v20250814:\n- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2993,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2993,SUSE-Storage-7.1-2025-2993,openSUSE-SLE-15.6-2025-2993",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02993-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02993-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502993-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02993-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022294.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244252",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-09-01T14:04:07Z",
"generator": {
"date": "2025-09-01T14:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02993-1",
"initial_release_date": "2025-09-01T14:04:07Z",
"revision_history": [
{
"date": "2025-09-01T14:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-project-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-start-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T14:04:07Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
suse-su-2025:02993-2
Vulnerability from csaf_suse
Published
2025-09-01 14:04
Modified
2025-09-01 14:04
Summary
Security update for jetty-minimal
Notes
Title of the patch
Security update for jetty-minimal
Description of the patch
This update for jetty-minimal fixes the following issues:
Upgraded to version 9.4.58.v20250814:
- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)
Patchnames
SUSE-2025-2993,openSUSE-SLE-15.6-2025-2993
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgraded to version 9.4.58.v20250814:\n- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2993,openSUSE-SLE-15.6-2025-2993",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02993-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02993-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502993-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02993-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041479.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244252",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-09-01T14:04:07Z",
"generator": {
"date": "2025-09-01T14:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02993-2",
"initial_release_date": "2025-09-01T14:04:07Z",
"revision_history": [
{
"date": "2025-09-01T14:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-project-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-start-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T14:04:07Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
CERTFR-2025-AVI-0867
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP NetWeaver AS Java | NetWeaver AS Java version SERVERCORE 7.50 sans le dernier correctif de sécurité | ||
| SAP | Financial Service Claims Management | Financial Service Claims Management versions INSURANCE 803, 804, 805, 806, S4CEXT 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | Print Service | Print Service versions SAPSPRINT 8.00 et 8.10 sans le dernier correctif de sécurité | ||
| SAP | Data Hub Integration Suite | Data Hub Integration Suite version CX_DATAHUB_INT_PACK 2205 sans le dernier correctif de sécurité | ||
| SAP | BusinessObjects | BusinessObjects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | Application Server pour ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver | NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA | S/4HANA versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | Cloud Appliance Library Appliances | Cloud Appliance Library Appliances version TITANIUM_WEBAPP 4.0 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | Application Server pour ABAP versions SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 et 816 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | NetWeaver Application Server ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 et 9.16 sans le dernier correctif de sécurité | ||
| SAP | Supplier Relationship Management | Supplier Relationship Management versions SRMNXP01 100 et 150 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP | NetWeaver Application Server ABAP versions RNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12 et 9.14 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetWeaver AS Java version SERVERCORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Financial Service Claims Management versions INSURANCE 803, 804, 805, 806, S4CEXT 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Financial Service Claims Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Print Service versions SAPSPRINT 8.00 et 8.10 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Print Service",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Data Hub Integration Suite version CX_DATAHUB_INT_PACK 2205 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Data Hub Integration Suite",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "BusinessObjects",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server pour ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Cloud Appliance Library Appliances version TITANIUM_WEBAPP 4.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cloud Appliance Library Appliances",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Application Server pour ABAP versions SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 et 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Supplier Relationship Management versions SRMNXP01 100 et 150 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Supplier Relationship Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP versions RNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12 et 9.14 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42944"
},
{
"name": "CVE-2025-42906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42906"
},
{
"name": "CVE-2025-42902",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42902"
},
{
"name": "CVE-2025-42903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42903"
},
{
"name": "CVE-2025-42910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42910"
},
{
"name": "CVE-2025-42909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42909"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2025-42984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42984"
},
{
"name": "CVE-2025-42908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42908"
},
{
"name": "CVE-2025-42937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42937"
},
{
"name": "CVE-2025-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0059"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-42939",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42939"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-31331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31331"
},
{
"name": "CVE-2025-42901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42901"
}
],
"initial_release_date": "2025-10-14T00:00:00",
"last_revision_date": "2025-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0867",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 SAP october-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html"
}
]
}
CERTFR-2025-AVI-0756
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T | ||
| VMware | Tanzu | Tanzu for MySQL on Cloud Foundry versions antérieures à 10.0.2 | ||
| VMware | Tanzu | Java Buildpack versions antérieures à 4.84.0 | ||
| VMware | Tanzu | Stemcells pour Ubuntu Jammy Azure Light versions antérieures à 1.894 | ||
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 10.0.9 | ||
| VMware | Tanzu | Tanzu Scheduler versions antérieures à 2.0.20 | ||
| VMware | Tanzu | Spring Cloud Services for VMware Tanzu versions antérieures à 3.3.9 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.1.4 | ||
| VMware | Tanzu Operations Manager | Tanzu Operations Manager versions antérieures à 3.1.2 | ||
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 6.0.19+LTS-T | ||
| VMware | Tanzu | Single Sign-On for VMware Tanzu Application Service versions antérieures à 1.16.12 | ||
| VMware | Tanzu | Tanzu Hub versions antérieures à 10.2.1 | ||
| VMware | Tanzu | Stemcells pour Ubuntu Jammy versions antérieures à 1.894 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.84.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells pour Ubuntu Jammy Azure Light versions ant\u00e9rieures \u00e0 1.894",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.0.9",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Scheduler versions ant\u00e9rieures \u00e0 2.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services for VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.9",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.1.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Operations Manager versions ant\u00e9rieures \u00e0 3.1.2",
"product": {
"name": "Tanzu Operations Manager",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On for VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.12",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells pour Ubuntu Jammy versions ant\u00e9rieures \u00e0 1.894",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2013-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1548"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2017-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8046"
},
{
"name": "CVE-2018-3280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
},
{
"name": "CVE-2018-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
},
{
"name": "CVE-2018-3285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
},
{
"name": "CVE-2018-3182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
},
{
"name": "CVE-2018-3186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
},
{
"name": "CVE-2018-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
},
{
"name": "CVE-2018-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
},
{
"name": "CVE-2018-3170",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
},
{
"name": "CVE-2018-3279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
},
{
"name": "CVE-2018-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
},
{
"name": "CVE-2018-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
},
{
"name": "CVE-2018-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
},
{
"name": "CVE-2019-2530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2530"
},
{
"name": "CVE-2019-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2436"
},
{
"name": "CVE-2019-2539",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2539"
},
{
"name": "CVE-2019-2494",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2494"
},
{
"name": "CVE-2019-2535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2535"
},
{
"name": "CVE-2019-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2533"
},
{
"name": "CVE-2019-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2495"
},
{
"name": "CVE-2019-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2513"
},
{
"name": "CVE-2019-2536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2536"
},
{
"name": "CVE-2019-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2502"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2019-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
},
{
"name": "CVE-2019-2740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
},
{
"name": "CVE-2019-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
},
{
"name": "CVE-2019-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
},
{
"name": "CVE-2019-2738",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
},
{
"name": "CVE-2019-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
},
{
"name": "CVE-2019-2737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
},
{
"name": "CVE-2019-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
},
{
"name": "CVE-2019-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
},
{
"name": "CVE-2019-2822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
},
{
"name": "CVE-2019-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
},
{
"name": "CVE-2019-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
},
{
"name": "CVE-2019-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
},
{
"name": "CVE-2019-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
},
{
"name": "CVE-2019-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
},
{
"name": "CVE-2019-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
},
{
"name": "CVE-2019-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
},
{
"name": "CVE-2019-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
},
{
"name": "CVE-2019-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
},
{
"name": "CVE-2019-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
},
{
"name": "CVE-2019-2815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
},
{
"name": "CVE-2019-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
},
{
"name": "CVE-2019-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
},
{
"name": "CVE-2019-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
},
{
"name": "CVE-2019-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
},
{
"name": "CVE-2019-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
},
{
"name": "CVE-2019-2747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
},
{
"name": "CVE-2019-2741",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
},
{
"name": "CVE-2019-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
},
{
"name": "CVE-2019-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
},
{
"name": "CVE-2019-2743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
},
{
"name": "CVE-2019-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
},
{
"name": "CVE-2019-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
},
{
"name": "CVE-2019-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
},
{
"name": "CVE-2019-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
},
{
"name": "CVE-2019-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
},
{
"name": "CVE-2019-2746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
},
{
"name": "CVE-2019-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
},
{
"name": "CVE-2019-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2924"
},
{
"name": "CVE-2019-2914",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2914"
},
{
"name": "CVE-2019-2960",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2960"
},
{
"name": "CVE-2019-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2923"
},
{
"name": "CVE-2019-2968",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2968"
},
{
"name": "CVE-2019-2993",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2993"
},
{
"name": "CVE-2019-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3009"
},
{
"name": "CVE-2019-2969",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2969"
},
{
"name": "CVE-2019-3011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3011"
},
{
"name": "CVE-2019-2967",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2967"
},
{
"name": "CVE-2019-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2946"
},
{
"name": "CVE-2019-2966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2966"
},
{
"name": "CVE-2019-2957",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2957"
},
{
"name": "CVE-2019-2948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2948"
},
{
"name": "CVE-2019-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2922"
},
{
"name": "CVE-2019-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3004"
},
{
"name": "CVE-2019-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2998"
},
{
"name": "CVE-2019-2911",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2911"
},
{
"name": "CVE-2019-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2950"
},
{
"name": "CVE-2019-2910",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2910"
},
{
"name": "CVE-2019-3018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3018"
},
{
"name": "CVE-2019-2974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2974"
},
{
"name": "CVE-2019-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2991"
},
{
"name": "CVE-2019-2997",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2997"
},
{
"name": "CVE-2019-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2938"
},
{
"name": "CVE-2019-3003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3003"
},
{
"name": "CVE-2019-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2982"
},
{
"name": "CVE-2019-2963",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2963"
},
{
"name": "CVE-2020-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
},
{
"name": "CVE-2020-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
},
{
"name": "CVE-2020-2577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
},
{
"name": "CVE-2020-2679",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
},
{
"name": "CVE-2020-2570",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
},
{
"name": "CVE-2020-2572",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
},
{
"name": "CVE-2020-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
},
{
"name": "CVE-2020-2660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
},
{
"name": "CVE-2020-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
},
{
"name": "CVE-2020-2573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
},
{
"name": "CVE-2020-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
},
{
"name": "CVE-2020-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
},
{
"name": "CVE-2020-2574",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
},
{
"name": "CVE-2020-2770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
},
{
"name": "CVE-2020-2925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
},
{
"name": "CVE-2020-2853",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
},
{
"name": "CVE-2020-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
},
{
"name": "CVE-2020-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
},
{
"name": "CVE-2020-2897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
},
{
"name": "CVE-2020-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
},
{
"name": "CVE-2020-2765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
},
{
"name": "CVE-2020-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
},
{
"name": "CVE-2020-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
},
{
"name": "CVE-2020-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
},
{
"name": "CVE-2020-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
},
{
"name": "CVE-2020-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
},
{
"name": "CVE-2020-2760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
},
{
"name": "CVE-2020-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
},
{
"name": "CVE-2020-2903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
},
{
"name": "CVE-2020-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
},
{
"name": "CVE-2020-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
},
{
"name": "CVE-2020-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
},
{
"name": "CVE-2020-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
},
{
"name": "CVE-2020-2926",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
},
{
"name": "CVE-2020-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
},
{
"name": "CVE-2020-2921",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
},
{
"name": "CVE-2020-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
},
{
"name": "CVE-2020-2892",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
},
{
"name": "CVE-2020-2896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
},
{
"name": "CVE-2020-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
},
{
"name": "CVE-2020-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
},
{
"name": "CVE-2020-2930",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
},
{
"name": "CVE-2020-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
},
{
"name": "CVE-2020-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
},
{
"name": "CVE-2020-2763",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
},
{
"name": "CVE-2020-14550",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14550"
},
{
"name": "CVE-2020-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14567"
},
{
"name": "CVE-2020-14559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14559"
},
{
"name": "CVE-2020-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14576"
},
{
"name": "CVE-2020-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14540"
},
{
"name": "CVE-2020-14547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14547"
},
{
"name": "CVE-2020-14553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14553"
},
{
"name": "CVE-2020-14539",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14539"
},
{
"name": "CVE-2020-14845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14845"
},
{
"name": "CVE-2020-14799",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14799"
},
{
"name": "CVE-2020-14793",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14793"
},
{
"name": "CVE-2020-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14888"
},
{
"name": "CVE-2020-14790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14790"
},
{
"name": "CVE-2020-14789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14789"
},
{
"name": "CVE-2020-14672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14672"
},
{
"name": "CVE-2020-14846",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14846"
},
{
"name": "CVE-2020-14771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14771"
},
{
"name": "CVE-2020-14873",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14873"
},
{
"name": "CVE-2020-14791",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14791"
},
{
"name": "CVE-2020-14769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14769"
},
{
"name": "CVE-2020-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14844"
},
{
"name": "CVE-2020-14809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14809"
},
{
"name": "CVE-2020-14860",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14860"
},
{
"name": "CVE-2020-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14866"
},
{
"name": "CVE-2020-14861",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14861"
},
{
"name": "CVE-2020-14773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14773"
},
{
"name": "CVE-2020-14776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14776"
},
{
"name": "CVE-2020-14852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14852"
},
{
"name": "CVE-2020-14760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14760"
},
{
"name": "CVE-2020-14870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14870"
},
{
"name": "CVE-2020-14837",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14837"
},
{
"name": "CVE-2020-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14893"
},
{
"name": "CVE-2020-14836",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14836"
},
{
"name": "CVE-2020-14829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14829"
},
{
"name": "CVE-2020-14868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14868"
},
{
"name": "CVE-2020-14827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14827"
},
{
"name": "CVE-2020-14839",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14839"
},
{
"name": "CVE-2020-14777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14777"
},
{
"name": "CVE-2020-14812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14812"
},
{
"name": "CVE-2020-14775",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14775"
},
{
"name": "CVE-2020-14838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14838"
},
{
"name": "CVE-2020-14869",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14869"
},
{
"name": "CVE-2020-14765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14765"
},
{
"name": "CVE-2020-14814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14814"
},
{
"name": "CVE-2020-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14821"
},
{
"name": "CVE-2020-14830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14830"
},
{
"name": "CVE-2020-14828",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14828"
},
{
"name": "CVE-2020-14804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14804"
},
{
"name": "CVE-2020-14800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14800"
},
{
"name": "CVE-2020-14891",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14891"
},
{
"name": "CVE-2020-14848",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14848"
},
{
"name": "CVE-2020-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14867"
},
{
"name": "CVE-2020-14785",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14785"
},
{
"name": "CVE-2020-14794",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14794"
},
{
"name": "CVE-2020-14786",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14786"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2010"
},
{
"name": "CVE-2021-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2001"
},
{
"name": "CVE-2021-2060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2060"
},
{
"name": "CVE-2021-2014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2014"
},
{
"name": "CVE-2021-2032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2032"
},
{
"name": "CVE-2021-2036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2036"
},
{
"name": "CVE-2021-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
},
{
"name": "CVE-2021-2011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2011"
},
{
"name": "CVE-2021-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2022"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-2308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2308"
},
{
"name": "CVE-2021-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2213"
},
{
"name": "CVE-2021-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2172"
},
{
"name": "CVE-2021-2293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2293"
},
{
"name": "CVE-2021-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2208"
},
{
"name": "CVE-2021-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2196"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2021-2298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2298"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2021-2217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2217"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2021-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2203"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2021-2232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2232"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2021-2301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2301"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2021-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2193"
},
{
"name": "CVE-2021-2300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2300"
},
{
"name": "CVE-2021-2299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2299"
},
{
"name": "CVE-2021-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2212"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2230"
},
{
"name": "CVE-2021-2278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2278"
},
{
"name": "CVE-2021-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2164"
},
{
"name": "CVE-2021-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2201"
},
{
"name": "CVE-2021-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2170"
},
{
"name": "CVE-2021-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2304"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2305"
},
{
"name": "CVE-2021-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2215"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2370"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2021-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2444"
},
{
"name": "CVE-2021-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2429"
},
{
"name": "CVE-2021-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2426"
},
{
"name": "CVE-2021-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2427"
},
{
"name": "CVE-2021-2339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2339"
},
{
"name": "CVE-2021-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2425"
},
{
"name": "CVE-2021-2387",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2387"
},
{
"name": "CVE-2021-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2383"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2021-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2399"
},
{
"name": "CVE-2021-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2384"
},
{
"name": "CVE-2021-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2412"
},
{
"name": "CVE-2021-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2441"
},
{
"name": "CVE-2021-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2410"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2021-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2437"
},
{
"name": "CVE-2021-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2417"
},
{
"name": "CVE-2021-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2424"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2021-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2357"
},
{
"name": "CVE-2021-2352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2352"
},
{
"name": "CVE-2021-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2402"
},
{
"name": "CVE-2021-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2440"
},
{
"name": "CVE-2021-2340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2340"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2374"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2021-2411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2411"
},
{
"name": "CVE-2021-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2418"
},
{
"name": "CVE-2021-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2367"
},
{
"name": "CVE-2021-2354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2354"
},
{
"name": "CVE-2021-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2422"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-35640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35640"
},
{
"name": "CVE-2021-35626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35626"
},
{
"name": "CVE-2021-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2478"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2021-35583",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35583"
},
{
"name": "CVE-2021-35628",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35628"
},
{
"name": "CVE-2021-35630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35630"
},
{
"name": "CVE-2021-35644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35644"
},
{
"name": "CVE-2021-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2479"
},
{
"name": "CVE-2021-35638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35638"
},
{
"name": "CVE-2021-35646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35646"
},
{
"name": "CVE-2021-35596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35596"
},
{
"name": "CVE-2021-35643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35643"
},
{
"name": "CVE-2021-35637",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35637"
},
{
"name": "CVE-2021-35623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35623"
},
{
"name": "CVE-2021-35632",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35632"
},
{
"name": "CVE-2021-35641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35641"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-35636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35636"
},
{
"name": "CVE-2021-35546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35546"
},
{
"name": "CVE-2021-35627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35627"
},
{
"name": "CVE-2021-35625",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35625"
},
{
"name": "CVE-2021-35608",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35608"
},
{
"name": "CVE-2021-35597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35597"
},
{
"name": "CVE-2021-35537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35537"
},
{
"name": "CVE-2021-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2481"
},
{
"name": "CVE-2021-35622",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35622"
},
{
"name": "CVE-2021-35610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35610"
},
{
"name": "CVE-2021-35633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35633"
},
{
"name": "CVE-2021-35634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35634"
},
{
"name": "CVE-2021-35629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35629"
},
{
"name": "CVE-2021-35631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35631"
},
{
"name": "CVE-2021-35645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35645"
},
{
"name": "CVE-2021-35647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35647"
},
{
"name": "CVE-2021-35612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35612"
},
{
"name": "CVE-2021-35639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35639"
},
{
"name": "CVE-2021-35648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35648"
},
{
"name": "CVE-2021-35607",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35607"
},
{
"name": "CVE-2021-35602",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35602"
},
{
"name": "CVE-2021-35577",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35577"
},
{
"name": "CVE-2021-35642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35642"
},
{
"name": "CVE-2021-35575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35575"
},
{
"name": "CVE-2021-35635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35635"
},
{
"name": "CVE-2021-35591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35591"
},
{
"name": "CVE-2021-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
},
{
"name": "CVE-2021-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3875"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2022-21352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21352"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21254"
},
{
"name": "CVE-2022-21265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21265"
},
{
"name": "CVE-2022-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21348"
},
{
"name": "CVE-2022-21372",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21368"
},
{
"name": "CVE-2022-21339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21339"
},
{
"name": "CVE-2022-21264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21264"
},
{
"name": "CVE-2022-21297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21297"
},
{
"name": "CVE-2022-21379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21379"
},
{
"name": "CVE-2022-21253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21253"
},
{
"name": "CVE-2022-21301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21301"
},
{
"name": "CVE-2022-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21378"
},
{
"name": "CVE-2022-21370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21370"
},
{
"name": "CVE-2022-21302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21302"
},
{
"name": "CVE-2022-21249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21249"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21342"
},
{
"name": "CVE-2022-21362",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21362"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2022-21256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21256"
},
{
"name": "CVE-2022-21358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21358"
},
{
"name": "CVE-2022-21374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21374"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-21418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
},
{
"name": "CVE-2022-21412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
},
{
"name": "CVE-2022-21437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
},
{
"name": "CVE-2022-21478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
},
{
"name": "CVE-2022-21479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
},
{
"name": "CVE-2022-21438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
},
{
"name": "CVE-2022-21440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2022-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
},
{
"name": "CVE-2022-21459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2022-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
},
{
"name": "CVE-2022-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
},
{
"name": "CVE-2022-21436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
},
{
"name": "CVE-2022-21435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
},
{
"name": "CVE-2022-21462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2022-21457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
},
{
"name": "CVE-2022-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
},
{
"name": "CVE-2022-21452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2021-4122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2022-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21525"
},
{
"name": "CVE-2022-21537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21537"
},
{
"name": "CVE-2022-21455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21455"
},
{
"name": "CVE-2022-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21534"
},
{
"name": "CVE-2022-21528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21528"
},
{
"name": "CVE-2022-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21529"
},
{
"name": "CVE-2022-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21531"
},
{
"name": "CVE-2022-21515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21515"
},
{
"name": "CVE-2022-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21538"
},
{
"name": "CVE-2022-21527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21527"
},
{
"name": "CVE-2022-21517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21517"
},
{
"name": "CVE-2022-21539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21539"
},
{
"name": "CVE-2022-21556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21556"
},
{
"name": "CVE-2022-21509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21509"
},
{
"name": "CVE-2022-21553",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21553"
},
{
"name": "CVE-2022-21530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21530"
},
{
"name": "CVE-2022-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21522"
},
{
"name": "CVE-2022-21547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21547"
},
{
"name": "CVE-2022-21569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21569"
},
{
"name": "CVE-2022-21526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21526"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2022-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0396"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2023-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
},
{
"name": "CVE-2023-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
},
{
"name": "CVE-2023-21879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
},
{
"name": "CVE-2023-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
},
{
"name": "CVE-2023-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
},
{
"name": "CVE-2023-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
},
{
"name": "CVE-2023-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
},
{
"name": "CVE-2023-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
},
{
"name": "CVE-2023-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
},
{
"name": "CVE-2023-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
},
{
"name": "CVE-2023-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
},
{
"name": "CVE-2023-21876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2023-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
},
{
"name": "CVE-2023-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
},
{
"name": "CVE-2023-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
},
{
"name": "CVE-2023-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
},
{
"name": "CVE-2023-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
},
{
"name": "CVE-2023-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
},
{
"name": "CVE-2023-21874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
},
{
"name": "CVE-2023-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2023-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2023-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2023-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
},
{
"name": "CVE-2023-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
},
{
"name": "CVE-2023-22068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
},
{
"name": "CVE-2023-22078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-22059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
},
{
"name": "CVE-2023-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
},
{
"name": "CVE-2023-22114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
},
{
"name": "CVE-2023-22070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
},
{
"name": "CVE-2023-22032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2021-20193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47100"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2022-27772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-26686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2024-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-52757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
},
{
"name": "CVE-2024-35866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
},
{
"name": "CVE-2024-35867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-21137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2024-36908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
},
{
"name": "CVE-2024-27402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27402"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2023-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5841"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2024-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46774"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2024-21193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21193"
},
{
"name": "CVE-2024-21194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21194"
},
{
"name": "CVE-2024-21196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21196"
},
{
"name": "CVE-2024-21197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21197"
},
{
"name": "CVE-2024-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21198"
},
{
"name": "CVE-2024-21199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21199"
},
{
"name": "CVE-2024-21201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21201"
},
{
"name": "CVE-2024-21207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21207"
},
{
"name": "CVE-2024-21209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21209"
},
{
"name": "CVE-2024-21212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21212"
},
{
"name": "CVE-2024-21213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21213"
},
{
"name": "CVE-2024-21219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21219"
},
{
"name": "CVE-2024-21236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21236"
},
{
"name": "CVE-2024-21239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21239"
},
{
"name": "CVE-2024-21241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21241"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-10487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10487"
},
{
"name": "CVE-2024-10458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10458"
},
{
"name": "CVE-2024-10459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10459"
},
{
"name": "CVE-2024-10460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10460"
},
{
"name": "CVE-2024-10461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10461"
},
{
"name": "CVE-2024-10462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10462"
},
{
"name": "CVE-2024-10463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10463"
},
{
"name": "CVE-2024-10464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10464"
},
{
"name": "CVE-2024-10465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10465"
},
{
"name": "CVE-2024-10466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10466"
},
{
"name": "CVE-2024-10467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10467"
},
{
"name": "CVE-2024-10468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10468"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2024-11395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11395"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-11691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11691"
},
{
"name": "CVE-2024-11692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
},
{
"name": "CVE-2024-11693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11693"
},
{
"name": "CVE-2024-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
},
{
"name": "CVE-2024-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
},
{
"name": "CVE-2024-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
},
{
"name": "CVE-2024-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
},
{
"name": "CVE-2024-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11698"
},
{
"name": "CVE-2024-11699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
},
{
"name": "CVE-2024-11700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11700"
},
{
"name": "CVE-2024-11701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
},
{
"name": "CVE-2024-11702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11702"
},
{
"name": "CVE-2024-11703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11703"
},
{
"name": "CVE-2024-11704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
},
{
"name": "CVE-2024-11705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
},
{
"name": "CVE-2024-11706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
},
{
"name": "CVE-2024-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11708"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2025-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0237"
},
{
"name": "CVE-2025-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0238"
},
{
"name": "CVE-2025-0239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0239"
},
{
"name": "CVE-2025-0240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0240"
},
{
"name": "CVE-2025-0241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0241"
},
{
"name": "CVE-2025-0242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0242"
},
{
"name": "CVE-2025-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0243"
},
{
"name": "CVE-2025-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
},
{
"name": "CVE-2025-0247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0247"
},
{
"name": "CVE-2025-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
},
{
"name": "CVE-2025-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
},
{
"name": "CVE-2025-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
},
{
"name": "CVE-2025-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
},
{
"name": "CVE-2025-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
},
{
"name": "CVE-2025-0439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
},
{
"name": "CVE-2025-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
},
{
"name": "CVE-2025-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
},
{
"name": "CVE-2025-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
},
{
"name": "CVE-2025-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
},
{
"name": "CVE-2025-0446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
},
{
"name": "CVE-2025-0447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
},
{
"name": "CVE-2025-0448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
},
{
"name": "CVE-2025-0445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
},
{
"name": "CVE-2025-0451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
},
{
"name": "CVE-2025-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
},
{
"name": "CVE-2025-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1009"
},
{
"name": "CVE-2025-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1010"
},
{
"name": "CVE-2025-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1011"
},
{
"name": "CVE-2025-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1012"
},
{
"name": "CVE-2025-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1013"
},
{
"name": "CVE-2025-1014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1014"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1016"
},
{
"name": "CVE-2025-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1017"
},
{
"name": "CVE-2025-1018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1018"
},
{
"name": "CVE-2025-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1019"
},
{
"name": "CVE-2025-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1020"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2025-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0995"
},
{
"name": "CVE-2025-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0996"
},
{
"name": "CVE-2025-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0997"
},
{
"name": "CVE-2025-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0998"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1414"
},
{
"name": "CVE-2025-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0999"
},
{
"name": "CVE-2025-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1006"
},
{
"name": "CVE-2025-1426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1426"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-1914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1914"
},
{
"name": "CVE-2025-1915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1915"
},
{
"name": "CVE-2025-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1916"
},
{
"name": "CVE-2025-1917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1917"
},
{
"name": "CVE-2025-1918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1918"
},
{
"name": "CVE-2025-1919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1919"
},
{
"name": "CVE-2025-1921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1921"
},
{
"name": "CVE-2025-1922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1922"
},
{
"name": "CVE-2025-1923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1923"
},
{
"name": "CVE-2025-1930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
},
{
"name": "CVE-2025-1931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
},
{
"name": "CVE-2025-1932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
},
{
"name": "CVE-2025-1933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
},
{
"name": "CVE-2025-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
},
{
"name": "CVE-2025-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
},
{
"name": "CVE-2025-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
},
{
"name": "CVE-2025-1937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
},
{
"name": "CVE-2025-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
},
{
"name": "CVE-2025-1939",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
},
{
"name": "CVE-2025-1940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
},
{
"name": "CVE-2025-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
},
{
"name": "CVE-2025-1942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
},
{
"name": "CVE-2025-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
},
{
"name": "CVE-2025-1920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
},
{
"name": "CVE-2025-2135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
},
{
"name": "CVE-2025-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
},
{
"name": "CVE-2025-2137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-45772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45772"
},
{
"name": "CVE-2025-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
},
{
"name": "CVE-2025-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2857"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
},
{
"name": "CVE-2022-49063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
},
{
"name": "CVE-2022-49535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
},
{
"name": "CVE-2025-3067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
},
{
"name": "CVE-2025-3068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
},
{
"name": "CVE-2025-3071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
},
{
"name": "CVE-2025-3072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
},
{
"name": "CVE-2025-3073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
},
{
"name": "CVE-2025-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
},
{
"name": "CVE-2025-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3028"
},
{
"name": "CVE-2025-3029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3029"
},
{
"name": "CVE-2025-3030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3030"
},
{
"name": "CVE-2025-3031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3031"
},
{
"name": "CVE-2025-3032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3032"
},
{
"name": "CVE-2025-3033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3033"
},
{
"name": "CVE-2025-3034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3034"
},
{
"name": "CVE-2025-3035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3035"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2025-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3608"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-21588",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
},
{
"name": "CVE-2025-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-4050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
},
{
"name": "CVE-2025-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
},
{
"name": "CVE-2025-4052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
},
{
"name": "CVE-2025-4096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
},
{
"name": "CVE-2025-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2817"
},
{
"name": "CVE-2025-4082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4082"
},
{
"name": "CVE-2025-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4083"
},
{
"name": "CVE-2025-4085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4085"
},
{
"name": "CVE-2025-4087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4087"
},
{
"name": "CVE-2025-4088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4088"
},
{
"name": "CVE-2025-4089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4089"
},
{
"name": "CVE-2025-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4090"
},
{
"name": "CVE-2025-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4091"
},
{
"name": "CVE-2025-4092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4092"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2024-46742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46742"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2025-22027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-37838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37838"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-29087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29087"
},
{
"name": "CVE-2025-3277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3277"
},
{
"name": "CVE-2025-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4609"
},
{
"name": "CVE-2025-4664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4664"
},
{
"name": "CVE-2025-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-4918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4918"
},
{
"name": "CVE-2025-4919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4919"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2025-5063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5063"
},
{
"name": "CVE-2025-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5064"
},
{
"name": "CVE-2025-5065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5065"
},
{
"name": "CVE-2025-5066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5066"
},
{
"name": "CVE-2025-5067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5067"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-22062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
},
{
"name": "CVE-2025-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-5263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5263"
},
{
"name": "CVE-2025-5264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5264"
},
{
"name": "CVE-2025-5265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5265"
},
{
"name": "CVE-2025-5266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5266"
},
{
"name": "CVE-2025-5267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5267"
},
{
"name": "CVE-2025-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5268"
},
{
"name": "CVE-2025-5270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5270"
},
{
"name": "CVE-2025-5271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5271"
},
{
"name": "CVE-2025-5272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5272"
},
{
"name": "CVE-2025-5281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5281"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2025-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
},
{
"name": "CVE-2025-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
},
{
"name": "CVE-2025-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
},
{
"name": "CVE-2025-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
},
{
"name": "CVE-2025-23147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
},
{
"name": "CVE-2025-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
},
{
"name": "CVE-2025-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
},
{
"name": "CVE-2025-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
},
{
"name": "CVE-2025-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
},
{
"name": "CVE-2025-23158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
},
{
"name": "CVE-2025-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
},
{
"name": "CVE-2025-23161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
},
{
"name": "CVE-2025-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2025-37739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
},
{
"name": "CVE-2025-37740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
},
{
"name": "CVE-2025-37741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
},
{
"name": "CVE-2025-37742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2025-37757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
},
{
"name": "CVE-2025-37758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
},
{
"name": "CVE-2025-37765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
},
{
"name": "CVE-2025-37766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
},
{
"name": "CVE-2025-37767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
},
{
"name": "CVE-2025-37768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
},
{
"name": "CVE-2025-37770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
},
{
"name": "CVE-2025-37771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
},
{
"name": "CVE-2025-37773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
},
{
"name": "CVE-2025-37780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
},
{
"name": "CVE-2025-37781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
},
{
"name": "CVE-2025-37787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
},
{
"name": "CVE-2025-37788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
},
{
"name": "CVE-2025-37789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
},
{
"name": "CVE-2025-37790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
},
{
"name": "CVE-2025-37792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
},
{
"name": "CVE-2025-37794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
},
{
"name": "CVE-2025-37796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-37803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
},
{
"name": "CVE-2025-37805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
},
{
"name": "CVE-2025-37808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
},
{
"name": "CVE-2025-37810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
},
{
"name": "CVE-2025-37811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
},
{
"name": "CVE-2025-37812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
},
{
"name": "CVE-2025-37817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
},
{
"name": "CVE-2025-37823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
},
{
"name": "CVE-2025-37824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
},
{
"name": "CVE-2025-37829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
},
{
"name": "CVE-2025-37830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
},
{
"name": "CVE-2025-37836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
},
{
"name": "CVE-2025-37839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
},
{
"name": "CVE-2025-37840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
},
{
"name": "CVE-2025-37841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
},
{
"name": "CVE-2025-37844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
},
{
"name": "CVE-2025-37850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
},
{
"name": "CVE-2025-37851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
},
{
"name": "CVE-2025-37857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
},
{
"name": "CVE-2025-37858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
},
{
"name": "CVE-2025-37859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
},
{
"name": "CVE-2025-37862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
},
{
"name": "CVE-2025-37867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
},
{
"name": "CVE-2025-37871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
},
{
"name": "CVE-2025-37875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
},
{
"name": "CVE-2025-37881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
},
{
"name": "CVE-2025-37883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
},
{
"name": "CVE-2025-37885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2025-37892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2025-37940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
},
{
"name": "CVE-2025-37982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
},
{
"name": "CVE-2025-37983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
},
{
"name": "CVE-2025-37985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
},
{
"name": "CVE-2025-37989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
},
{
"name": "CVE-2025-37819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-37905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
},
{
"name": "CVE-2025-37909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
},
{
"name": "CVE-2025-37911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
},
{
"name": "CVE-2025-37912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
},
{
"name": "CVE-2025-37913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
},
{
"name": "CVE-2025-37914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
},
{
"name": "CVE-2025-37915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
},
{
"name": "CVE-2025-37923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
},
{
"name": "CVE-2025-37927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
},
{
"name": "CVE-2025-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2025-37964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
},
{
"name": "CVE-2025-37991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
},
{
"name": "CVE-2025-5068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"
},
{
"name": "CVE-2025-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-49709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49709"
},
{
"name": "CVE-2025-49710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49710"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-29088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29088"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-5958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5958"
},
{
"name": "CVE-2025-5959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-6191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"
},
{
"name": "CVE-2025-6192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2022-49168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2025-6424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6424"
},
{
"name": "CVE-2025-6425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6425"
},
{
"name": "CVE-2025-6426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6426"
},
{
"name": "CVE-2025-6427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6427"
},
{
"name": "CVE-2025-6429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6429"
},
{
"name": "CVE-2025-6430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6430"
},
{
"name": "CVE-2025-6432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6432"
},
{
"name": "CVE-2025-6433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6433"
},
{
"name": "CVE-2025-6434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6434"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6555"
},
{
"name": "CVE-2025-6556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6556"
},
{
"name": "CVE-2025-6557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6557"
},
{
"name": "CVE-2025-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6435"
},
{
"name": "CVE-2025-6436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6436"
},
{
"name": "CVE-2025-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
},
{
"name": "CVE-2025-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
},
{
"name": "CVE-2025-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
},
{
"name": "CVE-2025-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
},
{
"name": "CVE-2025-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
},
{
"name": "CVE-2025-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
},
{
"name": "CVE-2025-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2022-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21546"
},
{
"name": "CVE-2020-16156",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
},
{
"name": "CVE-2025-8010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
},
{
"name": "CVE-2025-8011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
},
{
"name": "CVE-2025-8027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
},
{
"name": "CVE-2025-8028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
},
{
"name": "CVE-2025-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
},
{
"name": "CVE-2025-8030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
},
{
"name": "CVE-2025-8031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
},
{
"name": "CVE-2025-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
},
{
"name": "CVE-2025-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
},
{
"name": "CVE-2025-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
},
{
"name": "CVE-2025-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
},
{
"name": "CVE-2025-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
},
{
"name": "CVE-2025-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
},
{
"name": "CVE-2025-8038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
},
{
"name": "CVE-2025-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
},
{
"name": "CVE-2025-8040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
},
{
"name": "CVE-2025-8041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
},
{
"name": "CVE-2025-8043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
},
{
"name": "CVE-2025-8044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2025-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-8292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
},
{
"name": "CVE-2025-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
},
{
"name": "CVE-2025-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
},
{
"name": "CVE-2025-8579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
},
{
"name": "CVE-2025-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
},
{
"name": "CVE-2025-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
},
{
"name": "CVE-2025-8582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
},
{
"name": "CVE-2025-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-8879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8879"
},
{
"name": "CVE-2025-8880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8880"
},
{
"name": "CVE-2025-8881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8881"
},
{
"name": "CVE-2025-8882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8882"
},
{
"name": "CVE-2025-8901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8901"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2025-9132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2005-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
},
{
"name": "CVE-2008-5727",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5727"
},
{
"name": "CVE-2008-5728",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5728"
},
{
"name": "CVE-2008-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5729"
},
{
"name": "CVE-2008-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5730"
},
{
"name": "CVE-2008-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5742"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2015-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2214"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2016-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2149"
},
{
"name": "CVE-2016-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2160"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2017-12195",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12195"
},
{
"name": "CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2018-1000169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000169"
},
{
"name": "CVE-2018-1196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1196"
},
{
"name": "CVE-2018-1273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"
},
{
"name": "CVE-2019-10782",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10782"
},
{
"name": "CVE-2019-9658",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9658"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2021-20298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20298"
},
{
"name": "CVE-2021-20304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20304"
},
{
"name": "CVE-2021-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22055"
},
{
"name": "CVE-2021-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23169"
},
{
"name": "CVE-2021-3236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3236"
},
{
"name": "CVE-2022-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0635"
},
{
"name": "CVE-2022-0667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0667"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2023-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
},
{
"name": "CVE-2023-4156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
},
{
"name": "CVE-2023-4320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4320"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-46129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46129"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2023-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2024-22047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22047"
},
{
"name": "CVE-2024-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2397"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-31047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31047"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2024-7012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7012"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-26519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26519"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2025-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8262"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-9179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9179"
},
{
"name": "CVE-2025-9180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9180"
},
{
"name": "CVE-2025-9181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9181"
},
{
"name": "CVE-2025-9182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9182"
},
{
"name": "CVE-2025-9183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9183"
},
{
"name": "CVE-2025-9184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9184"
},
{
"name": "CVE-2025-9185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9185"
},
{
"name": "CVE-2025-9187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9187"
},
{
"name": "CVE-2025-9308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9308"
}
],
"initial_release_date": "2025-09-05T00:00:00",
"last_revision_date": "2025-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0756",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36093",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36093"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36102",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36102"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36101",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36101"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36100",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36100"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36105",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36105"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36091",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36091"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36078",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36078"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36107",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36107"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36094",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36094"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36097",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36097"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-46",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36104"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36108",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36108"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36095",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36095"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-09",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36090"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36096",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36096"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36106",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36106"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36109",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36109"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36098",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36098"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36111"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36103",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36103"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36099",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36099"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36092",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36092"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36110",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36110"
}
]
}
opensuse-su-2025:15482-1
Vulnerability from csaf_opensuse
Published
2025-08-22 00:00
Modified
2025-08-22 00:00
Summary
jetty-annotations-9.4.58-1.1 on GA media
Notes
Title of the patch
jetty-annotations-9.4.58-1.1 on GA media
Description of the patch
These are all security issues fixed in the jetty-annotations-9.4.58-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15482
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.58-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.58-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15482",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15482-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "jetty-annotations-9.4.58-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-22T00:00:00Z",
"generator": {
"date": "2025-08-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15482-1",
"initial_release_date": "2025-08-22T00:00:00Z",
"revision_history": [
{
"date": "2025-08-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-annotations-9.4.58-1.1.aarch64",
"product_id": "jetty-annotations-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-ant-9.4.58-1.1.aarch64",
"product_id": "jetty-ant-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-cdi-9.4.58-1.1.aarch64",
"product_id": "jetty-cdi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-client-9.4.58-1.1.aarch64",
"product_id": "jetty-client-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-continuation-9.4.58-1.1.aarch64",
"product_id": "jetty-continuation-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-deploy-9.4.58-1.1.aarch64",
"product_id": "jetty-deploy-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.aarch64",
"product_id": "jetty-fcgi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-http-9.4.58-1.1.aarch64",
"product_id": "jetty-http-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.aarch64",
"product_id": "jetty-http-spi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-io-9.4.58-1.1.aarch64",
"product_id": "jetty-io-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jaas-9.4.58-1.1.aarch64",
"product_id": "jetty-jaas-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jmx-9.4.58-1.1.aarch64",
"product_id": "jetty-jmx-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jndi-9.4.58-1.1.aarch64",
"product_id": "jetty-jndi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jsp-9.4.58-1.1.aarch64",
"product_id": "jetty-jsp-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-openid-9.4.58-1.1.aarch64",
"product_id": "jetty-openid-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-plus-9.4.58-1.1.aarch64",
"product_id": "jetty-plus-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-project-9.4.58-1.1.aarch64",
"product_id": "jetty-project-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-proxy-9.4.58-1.1.aarch64",
"product_id": "jetty-proxy-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.aarch64",
"product_id": "jetty-quickstart-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.aarch64",
"product_id": "jetty-rewrite-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-security-9.4.58-1.1.aarch64",
"product_id": "jetty-security-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-server-9.4.58-1.1.aarch64",
"product_id": "jetty-server-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-servlet-9.4.58-1.1.aarch64",
"product_id": "jetty-servlet-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-servlets-9.4.58-1.1.aarch64",
"product_id": "jetty-servlets-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-start-9.4.58-1.1.aarch64",
"product_id": "jetty-start-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-util-9.4.58-1.1.aarch64",
"product_id": "jetty-util-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.aarch64",
"product_id": "jetty-util-ajax-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-webapp-9.4.58-1.1.aarch64",
"product_id": "jetty-webapp-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-xml-9.4.58-1.1.aarch64",
"product_id": "jetty-xml-9.4.58-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-annotations-9.4.58-1.1.ppc64le",
"product_id": "jetty-annotations-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-ant-9.4.58-1.1.ppc64le",
"product_id": "jetty-ant-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-cdi-9.4.58-1.1.ppc64le",
"product_id": "jetty-cdi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-client-9.4.58-1.1.ppc64le",
"product_id": "jetty-client-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-continuation-9.4.58-1.1.ppc64le",
"product_id": "jetty-continuation-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-deploy-9.4.58-1.1.ppc64le",
"product_id": "jetty-deploy-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.ppc64le",
"product_id": "jetty-fcgi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-http-9.4.58-1.1.ppc64le",
"product_id": "jetty-http-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.ppc64le",
"product_id": "jetty-http-spi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-io-9.4.58-1.1.ppc64le",
"product_id": "jetty-io-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jaas-9.4.58-1.1.ppc64le",
"product_id": "jetty-jaas-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jmx-9.4.58-1.1.ppc64le",
"product_id": "jetty-jmx-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jndi-9.4.58-1.1.ppc64le",
"product_id": "jetty-jndi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jsp-9.4.58-1.1.ppc64le",
"product_id": "jetty-jsp-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-openid-9.4.58-1.1.ppc64le",
"product_id": "jetty-openid-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-plus-9.4.58-1.1.ppc64le",
"product_id": "jetty-plus-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-project-9.4.58-1.1.ppc64le",
"product_id": "jetty-project-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-proxy-9.4.58-1.1.ppc64le",
"product_id": "jetty-proxy-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.ppc64le",
"product_id": "jetty-quickstart-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.ppc64le",
"product_id": "jetty-rewrite-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-security-9.4.58-1.1.ppc64le",
"product_id": "jetty-security-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-server-9.4.58-1.1.ppc64le",
"product_id": "jetty-server-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-servlet-9.4.58-1.1.ppc64le",
"product_id": "jetty-servlet-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-servlets-9.4.58-1.1.ppc64le",
"product_id": "jetty-servlets-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-start-9.4.58-1.1.ppc64le",
"product_id": "jetty-start-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-util-9.4.58-1.1.ppc64le",
"product_id": "jetty-util-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.ppc64le",
"product_id": "jetty-util-ajax-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-webapp-9.4.58-1.1.ppc64le",
"product_id": "jetty-webapp-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-xml-9.4.58-1.1.ppc64le",
"product_id": "jetty-xml-9.4.58-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.s390x",
"product": {
"name": "jetty-annotations-9.4.58-1.1.s390x",
"product_id": "jetty-annotations-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.s390x",
"product": {
"name": "jetty-ant-9.4.58-1.1.s390x",
"product_id": "jetty-ant-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-cdi-9.4.58-1.1.s390x",
"product_id": "jetty-cdi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.s390x",
"product": {
"name": "jetty-client-9.4.58-1.1.s390x",
"product_id": "jetty-client-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.s390x",
"product": {
"name": "jetty-continuation-9.4.58-1.1.s390x",
"product_id": "jetty-continuation-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.s390x",
"product": {
"name": "jetty-deploy-9.4.58-1.1.s390x",
"product_id": "jetty-deploy-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.s390x",
"product_id": "jetty-fcgi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.s390x",
"product": {
"name": "jetty-http-9.4.58-1.1.s390x",
"product_id": "jetty-http-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.s390x",
"product_id": "jetty-http-spi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.s390x",
"product": {
"name": "jetty-io-9.4.58-1.1.s390x",
"product_id": "jetty-io-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jaas-9.4.58-1.1.s390x",
"product_id": "jetty-jaas-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jmx-9.4.58-1.1.s390x",
"product_id": "jetty-jmx-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jndi-9.4.58-1.1.s390x",
"product_id": "jetty-jndi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jsp-9.4.58-1.1.s390x",
"product_id": "jetty-jsp-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.s390x",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.s390x",
"product": {
"name": "jetty-openid-9.4.58-1.1.s390x",
"product_id": "jetty-openid-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.s390x",
"product": {
"name": "jetty-plus-9.4.58-1.1.s390x",
"product_id": "jetty-plus-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.s390x",
"product": {
"name": "jetty-project-9.4.58-1.1.s390x",
"product_id": "jetty-project-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.s390x",
"product": {
"name": "jetty-proxy-9.4.58-1.1.s390x",
"product_id": "jetty-proxy-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.s390x",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.s390x",
"product_id": "jetty-quickstart-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.s390x",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.s390x",
"product_id": "jetty-rewrite-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.s390x",
"product": {
"name": "jetty-security-9.4.58-1.1.s390x",
"product_id": "jetty-security-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.s390x",
"product": {
"name": "jetty-server-9.4.58-1.1.s390x",
"product_id": "jetty-server-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.s390x",
"product": {
"name": "jetty-servlet-9.4.58-1.1.s390x",
"product_id": "jetty-servlet-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.s390x",
"product": {
"name": "jetty-servlets-9.4.58-1.1.s390x",
"product_id": "jetty-servlets-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.s390x",
"product": {
"name": "jetty-start-9.4.58-1.1.s390x",
"product_id": "jetty-start-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.s390x",
"product": {
"name": "jetty-util-9.4.58-1.1.s390x",
"product_id": "jetty-util-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.s390x",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.s390x",
"product_id": "jetty-util-ajax-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.s390x",
"product": {
"name": "jetty-webapp-9.4.58-1.1.s390x",
"product_id": "jetty-webapp-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.s390x",
"product": {
"name": "jetty-xml-9.4.58-1.1.s390x",
"product_id": "jetty-xml-9.4.58-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-annotations-9.4.58-1.1.x86_64",
"product_id": "jetty-annotations-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-ant-9.4.58-1.1.x86_64",
"product_id": "jetty-ant-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-cdi-9.4.58-1.1.x86_64",
"product_id": "jetty-cdi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-client-9.4.58-1.1.x86_64",
"product_id": "jetty-client-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-continuation-9.4.58-1.1.x86_64",
"product_id": "jetty-continuation-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-deploy-9.4.58-1.1.x86_64",
"product_id": "jetty-deploy-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.x86_64",
"product_id": "jetty-fcgi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-http-9.4.58-1.1.x86_64",
"product_id": "jetty-http-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.x86_64",
"product_id": "jetty-http-spi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-io-9.4.58-1.1.x86_64",
"product_id": "jetty-io-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jaas-9.4.58-1.1.x86_64",
"product_id": "jetty-jaas-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jmx-9.4.58-1.1.x86_64",
"product_id": "jetty-jmx-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jndi-9.4.58-1.1.x86_64",
"product_id": "jetty-jndi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jsp-9.4.58-1.1.x86_64",
"product_id": "jetty-jsp-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-openid-9.4.58-1.1.x86_64",
"product_id": "jetty-openid-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-plus-9.4.58-1.1.x86_64",
"product_id": "jetty-plus-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-project-9.4.58-1.1.x86_64",
"product_id": "jetty-project-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-proxy-9.4.58-1.1.x86_64",
"product_id": "jetty-proxy-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.x86_64",
"product_id": "jetty-quickstart-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.x86_64",
"product_id": "jetty-rewrite-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-security-9.4.58-1.1.x86_64",
"product_id": "jetty-security-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-server-9.4.58-1.1.x86_64",
"product_id": "jetty-server-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-servlet-9.4.58-1.1.x86_64",
"product_id": "jetty-servlet-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-servlets-9.4.58-1.1.x86_64",
"product_id": "jetty-servlets-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-start-9.4.58-1.1.x86_64",
"product_id": "jetty-start-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-util-9.4.58-1.1.x86_64",
"product_id": "jetty-util-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.x86_64",
"product_id": "jetty-util-ajax-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-webapp-9.4.58-1.1.x86_64",
"product_id": "jetty-webapp-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-xml-9.4.58-1.1.x86_64",
"product_id": "jetty-xml-9.4.58-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-annotations-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-annotations-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x"
},
"product_reference": "jetty-annotations-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-annotations-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-ant-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-ant-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x"
},
"product_reference": "jetty-ant-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-ant-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-cdi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-cdi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-cdi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-cdi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-client-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-client-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x"
},
"product_reference": "jetty-client-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-client-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-continuation-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-continuation-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x"
},
"product_reference": "jetty-continuation-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-continuation-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-deploy-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-deploy-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x"
},
"product_reference": "jetty-deploy-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-deploy-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-http-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-http-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x"
},
"product_reference": "jetty-http-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-http-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-io-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-io-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x"
},
"product_reference": "jetty-io-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-io-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jaas-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jaas-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jaas-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jaas-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jmx-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jmx-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jmx-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jmx-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jndi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jndi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jndi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jndi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jsp-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jsp-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jsp-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jsp-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-openid-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-openid-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x"
},
"product_reference": "jetty-openid-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-openid-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-plus-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-plus-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x"
},
"product_reference": "jetty-plus-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-plus-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-project-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-project-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x"
},
"product_reference": "jetty-project-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-project-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-proxy-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-proxy-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x"
},
"product_reference": "jetty-proxy-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-proxy-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-security-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-security-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x"
},
"product_reference": "jetty-security-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-security-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-server-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-server-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x"
},
"product_reference": "jetty-server-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-server-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-servlet-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-servlet-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x"
},
"product_reference": "jetty-servlet-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-servlet-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-servlets-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-servlets-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x"
},
"product_reference": "jetty-servlets-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-servlets-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-start-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-start-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x"
},
"product_reference": "jetty-start-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-start-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-util-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-util-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x"
},
"product_reference": "jetty-util-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-util-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-webapp-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-webapp-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x"
},
"product_reference": "jetty-webapp-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-webapp-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-xml-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-xml-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x"
},
"product_reference": "jetty-xml-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-xml-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
opensuse-su-2025:15483-1
Vulnerability from csaf_opensuse
Published
2025-08-22 00:00
Modified
2025-08-22 00:00
Summary
netty-4.1.124-1.1 on GA media
Notes
Title of the patch
netty-4.1.124-1.1 on GA media
Description of the patch
These are all security issues fixed in the netty-4.1.124-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15483
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "netty-4.1.124-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the netty-4.1.124-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15483",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15483-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55163/"
}
],
"title": "netty-4.1.124-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-22T00:00:00Z",
"generator": {
"date": "2025-08-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15483-1",
"initial_release_date": "2025-08-22T00:00:00Z",
"revision_history": [
{
"date": "2025-08-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.aarch64",
"product": {
"name": "netty-4.1.124-1.1.aarch64",
"product_id": "netty-4.1.124-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.aarch64",
"product": {
"name": "netty-bom-4.1.124-1.1.aarch64",
"product_id": "netty-bom-4.1.124-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.aarch64",
"product": {
"name": "netty-javadoc-4.1.124-1.1.aarch64",
"product_id": "netty-javadoc-4.1.124-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.aarch64",
"product": {
"name": "netty-parent-4.1.124-1.1.aarch64",
"product_id": "netty-parent-4.1.124-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-4.1.124-1.1.ppc64le",
"product_id": "netty-4.1.124-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-bom-4.1.124-1.1.ppc64le",
"product_id": "netty-bom-4.1.124-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-javadoc-4.1.124-1.1.ppc64le",
"product_id": "netty-javadoc-4.1.124-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-parent-4.1.124-1.1.ppc64le",
"product_id": "netty-parent-4.1.124-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.s390x",
"product": {
"name": "netty-4.1.124-1.1.s390x",
"product_id": "netty-4.1.124-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.s390x",
"product": {
"name": "netty-bom-4.1.124-1.1.s390x",
"product_id": "netty-bom-4.1.124-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.s390x",
"product": {
"name": "netty-javadoc-4.1.124-1.1.s390x",
"product_id": "netty-javadoc-4.1.124-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.s390x",
"product": {
"name": "netty-parent-4.1.124-1.1.s390x",
"product_id": "netty-parent-4.1.124-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.x86_64",
"product": {
"name": "netty-4.1.124-1.1.x86_64",
"product_id": "netty-4.1.124-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.x86_64",
"product": {
"name": "netty-bom-4.1.124-1.1.x86_64",
"product_id": "netty-bom-4.1.124-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.x86_64",
"product": {
"name": "netty-javadoc-4.1.124-1.1.x86_64",
"product_id": "netty-javadoc-4.1.124-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.x86_64",
"product": {
"name": "netty-parent-4.1.124-1.1.x86_64",
"product_id": "netty-parent-4.1.124-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64"
},
"product_reference": "netty-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.s390x"
},
"product_reference": "netty-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64"
},
"product_reference": "netty-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64"
},
"product_reference": "netty-bom-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-bom-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x"
},
"product_reference": "netty-bom-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64"
},
"product_reference": "netty-bom-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64"
},
"product_reference": "netty-javadoc-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-javadoc-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x"
},
"product_reference": "netty-javadoc-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64"
},
"product_reference": "netty-javadoc-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64"
},
"product_reference": "netty-parent-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-parent-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x"
},
"product_reference": "netty-parent-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
},
"product_reference": "netty-parent-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55163"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55163",
"url": "https://www.suse.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "external",
"summary": "SUSE Bug 1247991 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1247991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55163"
}
]
}
wid-sec-w-2025-1830
Vulnerability from csaf_certbund
Published
2025-08-13 22:00
Modified
2025-09-22 22:00
Summary
http/2 Implementierungen: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
http/2 ist das HyperText Transfer Protocol in Version 2.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiednen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "http/2 ist das HyperText Transfer Protocol in Version 2.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiednen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1830 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1830.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1830 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1830"
},
{
"category": "external",
"summary": "Gal Bar Nahum\u0027s Blog - MadeYouReset Series vom 2025-08-13",
"url": "https://galbarnahum.com/made-you-reset"
},
{
"category": "external",
"summary": "CERT/CC VU#767506 vom 2025-08-13",
"url": "https://kb.cert.org/vuls/id/767506"
},
{
"category": "external",
"summary": "Varnish Security Advisory VSV00017 vom 2025-08-13",
"url": "https://varnish-cache.org/security/VSV00017.html"
},
{
"category": "external",
"summary": "Mailing List OSS Security vom 2025-08-13",
"url": "https://seclists.org/oss-sec/2025/q3/95"
},
{
"category": "external",
"summary": "Tomcat 9 Security vom 2025-08-13",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"category": "external",
"summary": "Tomcat 10 Security vom 2025-08-13",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"category": "external",
"summary": "Tomcat 11 Security vom 2025-08-13",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13686 vom 2025-08-13",
"url": "https://access.redhat.com/errata/RHSA-2025:13686"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13685 vom 2025-08-14",
"url": "https://access.redhat.com/errata/RHSA-2025:13685"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15449-1 vom 2025-08-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LD37QPQBLKIFMKWJXACHGPA7WALFCOM7/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14004 vom 2025-08-19",
"url": "https://access.redhat.com/errata/RHSA-2025:14004"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14008 vom 2025-08-19",
"url": "https://access.redhat.com/errata/RHSA-2025:14008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14182 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14182"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14177 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14177"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14180 vom 2025-08-21",
"url": "https://access.redhat.com/errata/RHSA-2025:14180"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-MMXM-8W33-WC4H vom 2025-08-20",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14179 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14178 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14178"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14183 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14183"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14177 vom 2025-08-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-14177.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14197 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14197"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14181 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14181"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14181 vom 2025-08-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-14181.html"
},
{
"category": "external",
"summary": "New Varnish Cache releases (7.7.3, 7.6.5 and 6.0.16) vom 2025-08-20",
"url": "https://varnish-cache.org/lists/pipermail/varnish-announce/2025-August/000771.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14178 vom 2025-08-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-14178.html"
},
{
"category": "external",
"summary": "PoC CVE-2025-8671 vom 2025-08-24",
"url": "https://github.com/abiyeenzo/CVE-2025-8671"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15483-1 vom 2025-08-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXDF5TMMN4LHEDWLII7MMDPWQR5D6UWU/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14179 vom 2025-08-22",
"url": "https://linux.oracle.com/errata/ELSA-2025-14179.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15490-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HVS2SK75HFDIVZCEQSOAOL6TTJCJFJZK/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15491-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFPY4ZCVL2NZMRDOWWAY4ZBXIIA663BF/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15489-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBHMT4B4D7HRMDPQJYDEV5UUSG7LVAHI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02992-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022280.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02993-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022294.html"
},
{
"category": "external",
"summary": "Camunda Security Notice 144 vom 2025-08-28",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03006-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022326.html"
},
{
"category": "external",
"summary": "ATOSS Sicherheitsmitteilung: Apache Tomcat-Sicherheitsl\u00fccken vom 2025-08-28",
"url": "https://www.atoss.ch/de-ch/sicherheit/security-news"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14911 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03024-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022345.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03021-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022331.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02993-2 vom 2025-09-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022373.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02993-2 vom 2025-09-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WDVRXONEUUASOWSNXL4RQLFHU45FFDH6/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14919 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:14919"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-022 vom 2025-09-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-022.html"
},
{
"category": "external",
"summary": "PDFreactor Release Notes vom 2025-09-05",
"url": "https://www.pdfreactor.com/pdfreactor-12-3-now-available/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:14177 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:14177"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03114-1 vom 2025-09-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022412.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15612 vom 2025-09-10",
"url": "https://access.redhat.com/errata/RHSA-2025:15612"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15697 vom 2025-09-11",
"url": "https://access.redhat.com/errata/RHSA-2025:15697"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4299 vom 2025-09-14",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6005 vom 2025-09-19",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00169.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6006 vom 2025-09-19",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00170.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16407 vom 2025-09-23",
"url": "https://access.redhat.com/errata/RHSA-2025:16407"
}
],
"source_lang": "en-US",
"title": "http/2 Implementierungen: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-09-22T22:00:00.000+00:00",
"generator": {
"date": "2025-09-23T04:57:09.112+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1830",
"initial_release_date": "2025-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat, Open Source, Oracle Linux und European Union Vulnerability Database aufgenommen"
},
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-24T22:00:00.000+00:00",
"number": "6",
"summary": "PoC aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-09-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-10T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-09-22T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ATOSS Staff Efficiency Suite",
"product": {
"name": "ATOSS Staff Efficiency Suite",
"product_id": "T041371",
"product_identification_helper": {
"cpe": "cpe:/a:atoss:staff_efficiency_suite:-"
}
}
}
],
"category": "vendor",
"name": "ATOSS"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.10",
"product": {
"name": "Apache Tomcat \u003c11.0.10",
"product_id": "1821869"
}
},
{
"category": "product_version",
"name": "11.0.10",
"product": {
"name": "Apache Tomcat 11.0.10",
"product_id": "1821869-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.108",
"product": {
"name": "Apache Tomcat \u003c9.0.108",
"product_id": "1821870"
}
},
{
"category": "product_version",
"name": "9.0.108",
"product": {
"name": "Apache Tomcat 9.0.108",
"product_id": "1821870-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.108"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.44",
"product": {
"name": "Apache Tomcat \u003c10.1.44",
"product_id": "T046241"
}
},
{
"category": "product_version",
"name": "10.1.44",
"product": {
"name": "Apache Tomcat 10.1.44",
"product_id": "T046241-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.44"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.58",
"product": {
"name": "Eclipse Jetty \u003c9.4.58",
"product_id": "T046367"
}
},
{
"category": "product_version",
"name": "9.4.58",
"product": {
"name": "Eclipse Jetty 9.4.58",
"product_id": "T046367-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.58"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.26",
"product": {
"name": "Eclipse Jetty \u003c10.0.26",
"product_id": "T046368"
}
},
{
"category": "product_version",
"name": "10.0.26",
"product": {
"name": "Eclipse Jetty 10.0.26",
"product_id": "T046368-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:10.0.26"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.26",
"product": {
"name": "Eclipse Jetty \u003c11.0.26",
"product_id": "T046369"
}
},
{
"category": "product_version",
"name": "11.0.26",
"product": {
"name": "Eclipse Jetty 11.0.26",
"product_id": "T046369-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:11.0.26"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.25",
"product": {
"name": "Eclipse Jetty \u003c12.0.25",
"product_id": "T046370"
}
},
{
"category": "product_version",
"name": "12.0.25",
"product": {
"name": "Eclipse Jetty 12.0.25",
"product_id": "T046370-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.0.25"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.1.0.beta3",
"product": {
"name": "Eclipse Jetty \u003c12.1.0.beta3",
"product_id": "T046371"
}
},
{
"category": "product_version",
"name": "12.1.0.beta3",
"product": {
"name": "Eclipse Jetty 12.1.0.beta3",
"product_id": "T046371-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.1.0.beta3"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Optimize \u003c3.15.7",
"product": {
"name": "Open Source Camunda Optimize \u003c3.15.7",
"product_id": "T046585"
}
},
{
"category": "product_version",
"name": "Optimize 3.15.7",
"product": {
"name": "Open Source Camunda Optimize 3.15.7",
"product_id": "T046585-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:optimize_3.15.7"
}
}
},
{
"category": "product_version_range",
"name": "Optimize \u003c3.14.8",
"product": {
"name": "Open Source Camunda Optimize \u003c3.14.8",
"product_id": "T046586"
}
},
{
"category": "product_version",
"name": "Optimize 3.14.8",
"product": {
"name": "Open Source Camunda Optimize 3.14.8",
"product_id": "T046586-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:optimize_3.14.8"
}
}
},
{
"category": "product_version_range",
"name": "Optimize \u003c3.13.19",
"product": {
"name": "Open Source Camunda Optimize \u003c3.13.19",
"product_id": "T046587"
}
},
{
"category": "product_version",
"name": "Optimize 3.13.19",
"product": {
"name": "Open Source Camunda Optimize 3.13.19",
"product_id": "T046587-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:optimize_3.13.19"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.6.4",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.6.4",
"product_id": "T046242"
}
},
{
"category": "product_version",
"name": "7.6.4",
"product": {
"name": "Open Source Varnish HTTP Cache 7.6.4",
"product_id": "T046242-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.6.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.7.2",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.7.2",
"product_id": "T046243"
}
},
{
"category": "product_version",
"name": "7.7.2",
"product": {
"name": "Open Source Varnish HTTP Cache 7.7.2",
"product_id": "T046243-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.7.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.15",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c6.0.15",
"product_id": "T046244"
}
},
{
"category": "product_version",
"name": "6.0.15",
"product": {
"name": "Open Source Varnish HTTP Cache 6.0.15",
"product_id": "T046244-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:6.0.15"
}
}
}
],
"category": "product_name",
"name": "Varnish HTTP Cache"
},
{
"category": "product_name",
"name": "Open Source lighttpd",
"product": {
"name": "Open Source lighttpd",
"product_id": "T000812",
"product_identification_helper": {
"cpe": "cpe:/a:lighttpd:lighttpd:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.3",
"product": {
"name": "RealObjects PDFreactor \u003c12.3",
"product_id": "T046765"
}
},
{
"category": "product_version",
"name": "12.3",
"product": {
"name": "RealObjects PDFreactor 12.3",
"product_id": "T046765-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.3"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
},
{
"category": "product_version",
"name": "Quarkus 3.15.6.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.15.6.SP1",
"product_id": "T046330",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.15.6.sp1"
}
}
},
{
"category": "product_version",
"name": "Quarkus 3.20.2.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.20.2.SP1",
"product_id": "T046331",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.20.2.sp1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Camel for Spring Boot 1",
"product": {
"name": "Red Hat Integration Camel for Spring Boot 1",
"product_id": "T035240",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_for_spring_boot_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version",
"name": "Middleware 1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Middleware 1",
"product_id": "T046944",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:middleware_1"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.2",
"product": {
"name": "Red Hat JBoss Web Server \u003c6.1.2",
"product_id": "T046251"
}
},
{
"category": "product_version",
"name": "6.1.2",
"product": {
"name": "Red Hat JBoss Web Server 6.1.2",
"product_id": "T046251-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1.2"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Specification http/2",
"product": {
"name": "Specification http/2",
"product_id": "T030386",
"product_identification_helper": {
"cpe": "cpe:/a:ietf:http2:-"
}
}
}
],
"category": "vendor",
"name": "Specification"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48989",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-5115",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-8671",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-8671"
}
]
}
ghsa-mmxm-8w33-wc4h
Vulnerability from github
Published
2025-08-20 20:52
Modified
2025-08-21 14:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
VLAI Severity ?
Summary
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability
Details
Technical Details
Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.”
MadeYouReset Vulnerability Summary
The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.
Mechanism
The vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). The vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113). The Primitives are: 1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1) 2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implementations it's possible a CONTINUATION frame to trigger that as well - but it's very rare). (Section 5.1) 3. PRIORITY frame with a length other than 5. (section 6.3) From our experience, the primitives are likely to exist in the decreasing order listed above. Note that based on the implementation of the library, other primitives (which are not defined by the RFC) might exist - meaning scenarios in which RST_STREAM is not supposed to be sent, but in the implementation it does. On the other hand - some RFC-defined primitives might not work, even though they are defined by the RFC (as some implementations are not fully complying with RFC). For example, some implementations we’ve seen discard the PRIORITY frame - and thus does not return RST_STREAM, and some implementations send GO_AWAY when receiving a WINDOW_UPDATE frame with increment of 0.
The vulnerability takes advantage of a design flaw in the HTTP/2 protocol - While HTTP/2 has a limit on the number of concurrently active streams per connection (which is usually 100, and is set by the parameter SETTINGS_MAX_CONCURRENT_STREAMS), the number of active streams is not counted correctly - when a stream is reset, it is immediately considered not active, and thus unaccounted for in the active streams counter. While the protocol does not count those streams as active, the server’s backend logic still processes and handles the requests that were canceled.
Thus, the attacker can exploit this vulnerability to cause the server to handle an unbounded number of concurrent streams from a client on the same connection. The exploitation is very simple: the client issues a request in a stream, and then sends the control frame that causes the server to send a RST_STREAM.
Attack Flow
For example, a possible attack scenario can be:
1. Attacker opens an HTTP/2 connection to the server.
2. Attacker sends HEADERS frame with END_STREAM flag on a new stream X.
3. Attacker sends WINDOW_UPDATE for stream X with flow-control window of 0.
4. The server receives the WINDOW_UPDATE and immediately sends RST_STREAM for stream X to the client (+ decreases the active streams counter by 1).
The attacker can repeat steps 2+3 as rapidly as it is capable, since the active streams counter never exceeds 1 and the attacker does not need to wait for the response from the server. This leads to resource exhaustion and distributed denial of service vulnerabilities with an impact of: CPU overload and/or memory exhaustion (implementation dependant)
Comparison to Rapid Reset
The vulnerability takes advantage of a design flow in the HTTP/2 protocol that was also used in the Rapid Reset vulnerability (CVE-2023-44487) which was exploited as a zero-day in the wild in August 2023 to October 2023, against multiple services and vendors. The Rapid Reset vulnerability uses RST_STREAM frames sent from the client, in order to create an unbounded amount of concurrent streams - it was given a CVSS score of 7.5. Rapid Reset was mostly mitigated by limiting the number/rate of RST_STREAM sent from the client, which does not mitigate the MadeYouReset attack - since it triggers the server to send a RST_STREAM.
Suggested Mitigations for MadeYouReset
A quick and easy mitigation will be to limit the number/rate of RST_STREAMs sent from the server. It is also possible to limit the number/rate of control frames sent by the client (e.g. WINDOW_UPDATE and PRIORITY), and treat protocol flow errors as a connection error.
As mentioned in our previous message, this is a protocol-level vulnerability that affects multiple vendors and implementations. Given its broad impact, it is the shared responsibility of all parties involved to handle the disclosure process carefully and coordinate mitigations effectively.
If you have any questions, we will be happy to clarify or schedule a Zoom call.
Gal, Anat and Yaniv.
Jetty's Team Notes
Impact
A denial of service vulnerability similar to Rapid Reset, but where the client triggers a reset from the server by sending a malformed or invalid frame.
In particular, this may be triggered by WINDOW_UPDATE frames that are invalid (e.g. with delta==0 or when the delta makes the window exceed 2^31-1).
Patches
Patch has been merged into 12.0.x mainline via https://github.com/jetty/jetty.project/pull/13449.
Workarounds
No workarounds apart disabling HTTP/2.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.4.57"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "9.3.0"
},
{
"fixed": "9.4.58"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.25"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.0.25"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.0.24"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:jetty-http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.0.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.1.0.beta2"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:jetty-http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "12.1.0.alpha0"
},
{
"fixed": "12.1.0.beta3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-5115"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-20T20:52:17Z",
"nvd_published_at": "2025-08-20T20:15:33Z",
"severity": "HIGH"
},
"details": "## Technical Details \nBelow is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as \u201cMadeYouReset.\u201d\n\n### MadeYouReset Vulnerability Summary\nThe MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.\n\n### Mechanism\nThe vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). \nThe vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113). The Primitives are:\n1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1)\n2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implementations it\u0027s possible a CONTINUATION frame to trigger that as well - but it\u0027s very rare). (Section 5.1)\n3. PRIORITY frame with a length other than 5. (section 6.3)\nFrom our experience, the primitives are likely to exist in the decreasing order listed above.\nNote that based on the implementation of the library, other primitives (which are not defined by the RFC) might exist - meaning scenarios in which RST_STREAM is not supposed to be sent, but in the implementation it does. On the other hand - some RFC-defined primitives might not work, even though they are defined by the RFC (as some implementations are not fully complying with RFC). For example, some implementations we\u2019ve seen discard the PRIORITY frame - and thus does not return RST_STREAM, and some implementations send GO_AWAY when receiving a WINDOW_UPDATE frame with increment of 0.\n\nThe vulnerability takes advantage of a design flaw in the HTTP/2 protocol - While HTTP/2 has a limit on the number of concurrently active streams per connection (which is usually 100, and is set by the parameter SETTINGS_MAX_CONCURRENT_STREAMS), the number of active streams is not counted correctly - when a stream is reset, it is immediately considered not active, and thus unaccounted for in the active streams counter. \nWhile the protocol does not count those streams as active, the server\u2019s backend logic still processes and handles the requests that were canceled.\n\nThus, the attacker can exploit this vulnerability to cause the server to handle an unbounded number of concurrent streams from a client on the same connection. The exploitation is very simple: the client issues a request in a stream, and then sends the control frame that causes the server to send a RST_STREAM.\n\n### Attack Flow\nFor example, a possible attack scenario can be: \n1. Attacker opens an HTTP/2 connection to the server.\n2. Attacker sends HEADERS frame with END_STREAM flag on a new stream X. \n3. Attacker sends WINDOW_UPDATE for stream X with flow-control window of 0.\n4. The server receives the WINDOW_UPDATE and immediately sends RST_STREAM for stream X to the client (+ decreases the active streams counter by 1).\n\nThe attacker can repeat steps 2+3 as rapidly as it is capable, since the active streams counter never exceeds 1 and the attacker does not need to wait for the response from the server.\nThis leads to resource exhaustion and distributed denial of service vulnerabilities with an impact of: CPU overload and/or memory exhaustion (implementation dependant)\n\n### Comparison to Rapid Reset\nThe vulnerability takes advantage of a design flow in the HTTP/2 protocol that was also used in the Rapid Reset vulnerability (CVE-2023-44487) which was exploited as a zero-day in the wild in August 2023 to October 2023, against multiple services and vendors.\nThe Rapid Reset vulnerability uses RST_STREAM frames sent from the client, in order to create an unbounded amount of concurrent streams - it was given a CVSS score of 7.5.\nRapid Reset was mostly mitigated by limiting the number/rate of RST_STREAM sent from the client, which does not mitigate the MadeYouReset attack - since it triggers the server to send a RST_STREAM.\n\n### Suggested Mitigations for MadeYouReset\nA quick and easy mitigation will be to limit the number/rate of RST_STREAMs sent from the server.\nIt is also possible to limit the number/rate of control frames sent by the client (e.g. WINDOW_UPDATE and PRIORITY), and treat protocol flow errors as a connection error.\n\nAs mentioned in our previous message, this is a protocol-level vulnerability that affects multiple vendors and implementations. Given its broad impact, it is the shared responsibility of all parties involved to handle the disclosure process carefully and coordinate mitigations effectively.\n\n\nIf you have any questions, we will be happy to clarify or schedule a Zoom call.\n\nGal, Anat and Yaniv.\n\n\n\n## Jetty\u0027s Team Notes\n\n### Impact\nA denial of service vulnerability similar to [Rapid Reset](https://github.com/jetty/jetty.project/security/advisories/GHSA-c745-7wm4-7738), but where the client triggers a reset from the server by sending a malformed or invalid frame.\nIn particular, this may be triggered by WINDOW_UPDATE frames that are invalid (e.g. with `delta==0` or when the delta makes the window exceed `2^31-1`).\n\n### Patches\nPatch has been merged into 12.0.x mainline via https://github.com/jetty/jetty.project/pull/13449.\n\n### Workarounds\nNo workarounds apart disabling HTTP/2.",
"id": "GHSA-mmxm-8w33-wc4h",
"modified": "2025-08-21T14:01:19Z",
"published": "2025-08-20T20:52:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/commit/f9ee3904788b08203ed62c95a560d951da37bdb1"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetty/jetty.project"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…