Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cnvd-2021-28269
Vulnerability from cnvd
Title
Eclipse Jetty信息泄露漏洞(CNVD-2021-28269)
Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。
Eclipse Jetty 9.4.27.v20200227版本至9.4.29.v20200521版本中存在安全漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。攻击者可利用该漏洞获取敏感信息。
Severity
高
VLAI Severity ?
Patch Name
Eclipse Jetty信息泄露漏洞(CNVD-2021-28269)的补丁
Patch Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。
Eclipse Jetty 9.4.27.v20200227版本至9.4.29.v20200521版本中存在安全漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。攻击者可利用该漏洞获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新:https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-17638
Impacted products
| Name | Eclipse Eclipse Jetty >=9.4.27.v20200227,<=9.4.29.v20200521 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-17638",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-17638"
}
},
"description": "Eclipse Jetty\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u57fa\u4e8eJava\u7684Web\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\n\nEclipse Jetty 9.4.27.v20200227\u7248\u672c\u81f39.4.29.v20200521\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://bugs.eclipse.org/bugs/show_bug.cgi?id=564984",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-28269",
"openTime": "2021-04-14",
"patchDescription": "Eclipse Jetty\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u57fa\u4e8eJava\u7684Web\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\r\n\r\nEclipse Jetty 9.4.27.v20200227\u7248\u672c\u81f39.4.29.v20200521\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Eclipse Jetty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-28269\uff09\u7684\u8865\u4e01",
"products": {
"product": "Eclipse Eclipse Jetty \u003e=9.4.27.v20200227\uff0c\u003c=9.4.29.v20200521"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-17638",
"serverity": "\u9ad8",
"submitTime": "2020-07-12",
"title": "Eclipse Jetty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-28269\uff09"
}
CVE-2019-17638 (GCVE-0-2019-17638)
Vulnerability from cvelistv5
Published
2020-07-09 18:10
Modified
2024-08-05 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.27.v20200227 to 9.4.29.v20200521 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984"
},
{
"name": "[oss-security] 20200817 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/17/1"
},
{
"name": "FEDORA-2020-cf8ef2f333",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/"
},
{
"name": "[pulsar-commits] 20200903 [GitHub] [pulsar] guyv opened a new issue #7970: pulsar-client vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200911 [GitHub] [pulsar] codelipenghui closed issue #7970: pulsar-client vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200912 [GitHub] [pulsar] codelipenghui closed issue #7970: pulsar-client vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200914 [GitHub] [pulsar] klwilson227 opened a new issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200922 [GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200923 [GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200929 [GitHub] [pulsar] sijie closed issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200929 [GitHub] [pulsar] sijie commented on issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201005 [GitHub] [pulsar] abhishekheaven7 opened a new issue #8203: Pulsar client with version 2.6.1 has critical vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201005 [GitHub] [pulsar] abhishekheaven7 closed issue #8203: Pulsar client with version 2.6.1 has critical vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "9.4.27.v20200227 to 9.4.29.v20200521"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672: Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-675",
"description": "CWE-675: Duplicate Operations on Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:10",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984"
},
{
"name": "[oss-security] 20200817 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/17/1"
},
{
"name": "FEDORA-2020-cf8ef2f333",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/"
},
{
"name": "[pulsar-commits] 20200903 [GitHub] [pulsar] guyv opened a new issue #7970: pulsar-client vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200911 [GitHub] [pulsar] codelipenghui closed issue #7970: pulsar-client vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200912 [GitHub] [pulsar] codelipenghui closed issue #7970: pulsar-client vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200914 [GitHub] [pulsar] klwilson227 opened a new issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200922 [GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200923 [GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200929 [GitHub] [pulsar] sijie closed issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200929 [GitHub] [pulsar] sijie commented on issue #8060: CVE-2019-17638 jetty server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201005 [GitHub] [pulsar] abhishekheaven7 opened a new issue #8203: Pulsar client with version 2.6.1 has critical vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201005 [GitHub] [pulsar] abhishekheaven7 closed issue #8203: Pulsar client with version 2.6.1 has critical vulnerability CVE-2019-17638",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2019-17638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_value": "9.4.27.v20200227 to 9.4.29.v20200521"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-672: Operation on a Resource after Expiration or Release"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-675: Duplicate Operations on Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984"
},
{
"name": "[oss-security] 20200817 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/08/17/1"
},
{
"name": "FEDORA-2020-cf8ef2f333",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/"
},
{
"name": "[pulsar-commits] 20200903 [GitHub] [pulsar] guyv opened a new issue #7970: pulsar-client vulnerability CVE-2019-17638",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200911 [GitHub] [pulsar] codelipenghui closed issue #7970: pulsar-client vulnerability CVE-2019-17638",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200912 [GitHub] [pulsar] codelipenghui closed issue #7970: pulsar-client vulnerability CVE-2019-17638",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200914 [GitHub] [pulsar] klwilson227 opened a new issue #8060: CVE-2019-17638 jetty server",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200922 [GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200923 [GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200929 [GitHub] [pulsar] sijie closed issue #8060: CVE-2019-17638 jetty server",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200929 [GitHub] [pulsar] sijie commented on issue #8060: CVE-2019-17638 jetty server",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201005 [GitHub] [pulsar] abhishekheaven7 opened a new issue #8203: Pulsar client with version 2.6.1 has critical vulnerability CVE-2019-17638",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201005 [GitHub] [pulsar] abhishekheaven7 closed issue #8203: Pulsar client with version 2.6.1 has critical vulnerability CVE-2019-17638",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2019-17638",
"datePublished": "2020-07-09T18:10:12",
"dateReserved": "2019-10-16T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…