Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5115 (GCVE-0-2025-5115)
Vulnerability from cvelistv5
Published
2025-08-20 19:07
Modified
2025-08-21 10:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.
For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.
Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.
The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.
The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.
Links:
* https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Jetty | Eclipse Jetty |
Version: >=9.3.0 ≤ <=9.4.57 Version: >=10.0.0 ≤ <=10.0.25 Version: >=11.0.0 ≤ <=11.0.25 Version: >=12.0.0 ≤ <=12.0.21 Version: >=12.1.0.alpha0 ≤ <=12.1.0.alpha2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T19:28:04.700843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T19:28:12.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.eclipse.jetty.http2/http2-common",
"product": "Eclipse Jetty",
"repo": "https://github.com/jetty/jetty.project",
"vendor": "Eclipse Jetty",
"versions": [
{
"lessThanOrEqual": "\u003c=9.4.57",
"status": "affected",
"version": "\u003e=9.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.0.25",
"status": "affected",
"version": "\u003e=10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=11.0.25",
"status": "affected",
"version": "\u003e=11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=12.0.21",
"status": "affected",
"version": "\u003e=12.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=12.1.0.alpha2",
"status": "affected",
"version": "\u003e=12.1.0.alpha0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Eclipse Jetty, versions \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\u003c/p\u003e\n\u003cp\u003eFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update\"\u003e\u003c/a\u003e, the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\u003c/p\u003e\n\u003cp\u003eThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"\u003ehttps://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T10:36:49.477Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MadeYouReset HTTP/2 vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-5115",
"datePublished": "2025-08-20T19:07:11.546Z",
"dateReserved": "2025-05-23T08:55:59.861Z",
"dateUpdated": "2025-08-21T10:36:49.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5115\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-08-20T20:15:33.377\",\"lastModified\":\"2025-08-22T18:09:17.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\\n\\n\\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\\n\\n\\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\\n\\n\\n\\nLinks:\\n\\n\\n\\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"},{\"lang\":\"es\",\"value\":\"En Eclipse Jetty, versiones \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, un cliente HTTP/2 puede provocar que el servidor env\u00ede tramas RST_STREAM, por ejemplo, enviando tramas con formato incorrecto o que no deber\u00edan enviarse en un estado de flujo espec\u00edfico, lo que obliga al servidor a consumir recursos como CPU y memoria. Por ejemplo, un cliente puede abrir un flujo y luego enviar tramas WINDOW_UPDATE con un incremento de tama\u00f1o de ventana de 0, lo cual es ilegal. Seg\u00fan la especificaci\u00f3n https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update, el servidor debe enviar una trama RST_STREAM. El cliente ahora puede abrir otra transmisi\u00f3n y enviar otra WINDOW_UPDATE incorrecta, lo que provoca que el servidor consuma m\u00e1s recursos de los necesarios. En este caso, no se supera el n\u00famero m\u00e1ximo de transmisiones simult\u00e1neas, pero el cliente puede crear una enorme cantidad de transmisiones en poco tiempo. El ataque puede ejecutarse con otras condiciones (por ejemplo, una trama DATA para una transmisi\u00f3n cerrada) que provocan que el servidor env\u00ede una trama RST_STREAM. Enlaces: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/pull/13449\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\",\"source\":\"emo@eclipse.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5115\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T19:28:04.700843Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-20T19:28:07.991Z\"}}], \"cna\": {\"title\": \"MadeYouReset HTTP/2 vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/jetty/jetty.project\", \"vendor\": \"Eclipse Jetty\", \"product\": \"Eclipse Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e=9.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=9.4.57\"}, {\"status\": \"affected\", \"version\": \"\u003e=10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.0.25\"}, {\"status\": \"affected\", \"version\": \"\u003e=11.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=11.0.25\"}, {\"status\": \"affected\", \"version\": \"\u003e=12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=12.0.21\"}, {\"status\": \"affected\", \"version\": \"\u003e=12.1.0.alpha0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=12.1.0.alpha2\"}], \"packageName\": \"pkg:maven/org.eclipse.jetty.http2/http2-common\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/jetty/jetty.project/pull/13449\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\\n\\n\\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\\n\\n\\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\\n\\n\\n\\nLinks:\\n\\n\\n\\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Eclipse Jetty, versions \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\u003c/p\u003e\\n\u003cp\u003eFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update\\\"\u003e\u003c/a\u003e, the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\u003c/p\u003e\\n\u003cp\u003eThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\u003c/p\u003e\\n\\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\\\"\u003ehttps://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-08-21T10:36:49.477Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5115\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T10:36:49.477Z\", \"dateReserved\": \"2025-05-23T08:55:59.861Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-08-20T19:07:11.546Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:16457
Vulnerability from csaf_redhat
Published
2025-09-23 09:44
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.16. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.16. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16457",
"url": "https://access.redhat.com/errata/RHSA-2025:16457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16457.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16457",
"initial_release_date": "2025-09-23T09:44:56+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758336945-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1758337173-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758336945-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1758337173-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758336945-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16457"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16462
Vulnerability from csaf_redhat
Published
2025-09-23 10:09
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16462",
"url": "https://access.redhat.com/errata/RHSA-2025:16462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16462.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:06+00:00",
"generator": {
"date": "2025-09-29T17:38:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16462",
"initial_release_date": "2025-09-23T10:09:56+00:00",
"revision_history": [
{
"date": "2025-09-23T10:09:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:09:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302665-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1758303157-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302665-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1758303157-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758302665-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:09:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16462"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16989
Vulnerability from csaf_redhat
Published
2025-09-29 17:36
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Offline Knowledge Portal update
Notes
Topic
Red Hat Offline Knowledge Portal update
Details
This is an update for the Red Hat Offline Knowledge portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as small fix for the CVE and Errata search applications that adds a trailing slash to search result links that removes an Apache redirect that automatically adds trailing slashes to URLs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Offline Knowledge Portal update",
"title": "Topic"
},
{
"category": "general",
"text": "This is an update for the Red Hat Offline Knowledge portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as small fix for the CVE and Errata search applications that adds a trailing slash to search result links that removes an Apache redirect that automatically adds trailing slashes to URLs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16989",
"url": "https://access.redhat.com/errata/RHSA-2025:16989"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-offline-knowledge-portal",
"url": "https://access.redhat.com/products/red-hat-offline-knowledge-portal"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5115",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-5115/",
"url": "https://access.redhat.com/security/cve/cve-2025-5115/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1.0"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16989.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Offline Knowledge Portal update",
"tracking": {
"current_release_date": "2025-09-29T17:38:06+00:00",
"generator": {
"date": "2025-09-29T17:38:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16989",
"initial_release_date": "2025-09-29T17:36:18+00:00",
"revision_history": [
{
"date": "2025-09-29T17:36:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-29T17:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Offline Knowledge Portal 1.1.2",
"product": {
"name": "Red Hat Offline Knowledge Portal 1.1.2",
"product_id": "Red Hat Offline Knowledge Portal 1.1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:offline_knowledge_portal:1.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Offline Knowledge Portal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3A31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78?arch=amd64\u0026repository_url=registry.redhat.io/offline-knowledge-portal\u0026tag=1.1.2-1759166862"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3A7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd?arch=arm64\u0026repository_url=registry.redhat.io/offline-knowledge-portal\u0026tag=1.1.2-1759166862"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64 as a component of Red Hat Offline Knowledge Portal 1.1.2",
"product_id": "Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64 as a component of Red Hat Offline Knowledge Portal 1.1.2",
"product_id": "Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-29T17:36:18+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command. A satellite subscription is required to download and use this product.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16989"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.2:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16455
Vulnerability from csaf_redhat
Published
2025-09-23 09:40
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 Openshift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.18. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
(CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.18. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n(CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16455",
"url": "https://access.redhat.com/errata/RHSA-2025:16455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16455.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 Openshift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16455",
"initial_release_date": "2025-09-23T09:40:23+00:00",
"revision_history": [
{
"date": "2025-09-23T09:40:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:40:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.18",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758260563-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758260563-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758260563-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.18.1758260849-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758260563-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.18.1758260849-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758260563-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758260563-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758260563-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.18",
"product_id": "9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.18.1758260849-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:40:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16455"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-0:2.516.3.1758260563-3.el9.src",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.noarch",
"9Base-OCP-Tools-4.18:jenkins-2-plugins-0:4.18.1758260849-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16461
Vulnerability from csaf_redhat
Published
2025-09-23 10:10
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16461",
"url": "https://access.redhat.com/errata/RHSA-2025:16461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:06+00:00",
"generator": {
"date": "2025-09-29T17:38:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16461",
"initial_release_date": "2025-09-23T10:10:12+00:00",
"revision_history": [
{
"date": "2025-09-23T10:10:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:10:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302106-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1758302383-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302106-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1758302383-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758302106-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:10:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16461"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16459
Vulnerability from csaf_redhat
Published
2025-09-23 09:47
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16459",
"url": "https://access.redhat.com/errata/RHSA-2025:16459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16459.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16459",
"initial_release_date": "2025-09-23T09:47:46+00:00",
"revision_history": [
{
"date": "2025-09-23T09:47:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:47:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758299374-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1758299735-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758299374-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1758299735-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758299374-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:47:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16459"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16454
Vulnerability from csaf_redhat
Published
2025-09-23 09:44
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.19 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.19. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.19. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16454",
"url": "https://access.redhat.com/errata/RHSA-2025:16454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16454.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.19 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16454",
"initial_release_date": "2025-09-23T09:44:32+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.19",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758206866-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758206866-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758206866-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.19.1758207171-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758206866-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.19.1758207171-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758206866-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758206866-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758206866-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.19",
"product_id": "9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.19.1758207171-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16454"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-0:2.516.3.1758206866-3.el9.src",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.noarch",
"9Base-OCP-Tools-4.19:jenkins-2-plugins-0:4.19.1758207171-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16460
Vulnerability from csaf_redhat
Published
2025-09-23 10:09
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16460",
"url": "https://access.redhat.com/errata/RHSA-2025:16460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16460.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16460",
"initial_release_date": "2025-09-23T10:09:41+00:00",
"revision_history": [
{
"date": "2025-09-23T10:09:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:09:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758298953-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1758299004-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758298953-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1758299004-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758298953-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:09:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16460"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:16456
Vulnerability from csaf_redhat
Published
2025-09-23 09:44
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
(CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n(CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16456",
"url": "https://access.redhat.com/errata/RHSA-2025:16456"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16456.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16456",
"initial_release_date": "2025-09-23T09:44:51+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758259817-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1758260106-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758259817-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1758260106-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758259817-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16456"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
rhsa-2025:14911
Vulnerability from csaf_redhat
Published
2025-08-28 18:38
Modified
2025-09-29 17:38
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.6 for Spring Boot release.
Notes
Topic
Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* jetty-http2-client: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-client-transport: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.6 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* jetty-http2-client: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-client-transport: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\n* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14911",
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14911.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.6 for Spring Boot release.",
"tracking": {
"current_release_date": "2025-09-29T17:38:04+00:00",
"generator": {
"date": "2025-09-29T17:38:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:14911",
"initial_release_date": "2025-08-28T18:38:33+00:00",
"revision_history": [
{
"date": "2025-08-28T18:38:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-28T18:38:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-29T17:38:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9",
"product": {
"name": "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9",
"product_id": "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.10"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T18:38:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-28T18:38:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
}
]
}
ghsa-mmxm-8w33-wc4h
Vulnerability from github
Published
2025-08-20 20:52
Modified
2025-08-21 14:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
VLAI Severity ?
Summary
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability
Details
Technical Details
Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.”
MadeYouReset Vulnerability Summary
The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.
Mechanism
The vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). The vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113). The Primitives are: 1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1) 2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implementations it's possible a CONTINUATION frame to trigger that as well - but it's very rare). (Section 5.1) 3. PRIORITY frame with a length other than 5. (section 6.3) From our experience, the primitives are likely to exist in the decreasing order listed above. Note that based on the implementation of the library, other primitives (which are not defined by the RFC) might exist - meaning scenarios in which RST_STREAM is not supposed to be sent, but in the implementation it does. On the other hand - some RFC-defined primitives might not work, even though they are defined by the RFC (as some implementations are not fully complying with RFC). For example, some implementations we’ve seen discard the PRIORITY frame - and thus does not return RST_STREAM, and some implementations send GO_AWAY when receiving a WINDOW_UPDATE frame with increment of 0.
The vulnerability takes advantage of a design flaw in the HTTP/2 protocol - While HTTP/2 has a limit on the number of concurrently active streams per connection (which is usually 100, and is set by the parameter SETTINGS_MAX_CONCURRENT_STREAMS), the number of active streams is not counted correctly - when a stream is reset, it is immediately considered not active, and thus unaccounted for in the active streams counter. While the protocol does not count those streams as active, the server’s backend logic still processes and handles the requests that were canceled.
Thus, the attacker can exploit this vulnerability to cause the server to handle an unbounded number of concurrent streams from a client on the same connection. The exploitation is very simple: the client issues a request in a stream, and then sends the control frame that causes the server to send a RST_STREAM.
Attack Flow
For example, a possible attack scenario can be:
1. Attacker opens an HTTP/2 connection to the server.
2. Attacker sends HEADERS frame with END_STREAM flag on a new stream X.
3. Attacker sends WINDOW_UPDATE for stream X with flow-control window of 0.
4. The server receives the WINDOW_UPDATE and immediately sends RST_STREAM for stream X to the client (+ decreases the active streams counter by 1).
The attacker can repeat steps 2+3 as rapidly as it is capable, since the active streams counter never exceeds 1 and the attacker does not need to wait for the response from the server. This leads to resource exhaustion and distributed denial of service vulnerabilities with an impact of: CPU overload and/or memory exhaustion (implementation dependant)
Comparison to Rapid Reset
The vulnerability takes advantage of a design flow in the HTTP/2 protocol that was also used in the Rapid Reset vulnerability (CVE-2023-44487) which was exploited as a zero-day in the wild in August 2023 to October 2023, against multiple services and vendors. The Rapid Reset vulnerability uses RST_STREAM frames sent from the client, in order to create an unbounded amount of concurrent streams - it was given a CVSS score of 7.5. Rapid Reset was mostly mitigated by limiting the number/rate of RST_STREAM sent from the client, which does not mitigate the MadeYouReset attack - since it triggers the server to send a RST_STREAM.
Suggested Mitigations for MadeYouReset
A quick and easy mitigation will be to limit the number/rate of RST_STREAMs sent from the server. It is also possible to limit the number/rate of control frames sent by the client (e.g. WINDOW_UPDATE and PRIORITY), and treat protocol flow errors as a connection error.
As mentioned in our previous message, this is a protocol-level vulnerability that affects multiple vendors and implementations. Given its broad impact, it is the shared responsibility of all parties involved to handle the disclosure process carefully and coordinate mitigations effectively.
If you have any questions, we will be happy to clarify or schedule a Zoom call.
Gal, Anat and Yaniv.
Jetty's Team Notes
Impact
A denial of service vulnerability similar to Rapid Reset, but where the client triggers a reset from the server by sending a malformed or invalid frame.
In particular, this may be triggered by WINDOW_UPDATE frames that are invalid (e.g. with delta==0 or when the delta makes the window exceed 2^31-1).
Patches
Patch has been merged into 12.0.x mainline via https://github.com/jetty/jetty.project/pull/13449.
Workarounds
No workarounds apart disabling HTTP/2.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.4.57"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "9.3.0"
},
{
"fixed": "9.4.58"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.25"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.0.25"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.0.24"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:jetty-http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.0.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.1.0.beta2"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:jetty-http2-common"
},
"ranges": [
{
"events": [
{
"introduced": "12.1.0.alpha0"
},
{
"fixed": "12.1.0.beta3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-5115"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-20T20:52:17Z",
"nvd_published_at": "2025-08-20T20:15:33Z",
"severity": "HIGH"
},
"details": "## Technical Details \nBelow is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as \u201cMadeYouReset.\u201d\n\n### MadeYouReset Vulnerability Summary\nThe MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.\n\n### Mechanism\nThe vulnerability uses malformed HTTP/2 control frames, or malformed flow, in order to make the server reset streams created by the client (using the RST_STREAM frame). \nThe vulnerability could be triggered by several primitives, defined by the RFC of HTTP/2 (RFC 9113). The Primitives are:\n1. WINDOW_UPDATE frame with an increment of 0 or an increment that makes the window exceed 2^31 - 1. (section 6.9 + 6.9.1)\n2. HEADERS or DATA frames sent on a half-closed (remote) stream (which was closed using the END_STREAM flag). (note that for some implementations it\u0027s possible a CONTINUATION frame to trigger that as well - but it\u0027s very rare). (Section 5.1)\n3. PRIORITY frame with a length other than 5. (section 6.3)\nFrom our experience, the primitives are likely to exist in the decreasing order listed above.\nNote that based on the implementation of the library, other primitives (which are not defined by the RFC) might exist - meaning scenarios in which RST_STREAM is not supposed to be sent, but in the implementation it does. On the other hand - some RFC-defined primitives might not work, even though they are defined by the RFC (as some implementations are not fully complying with RFC). For example, some implementations we\u2019ve seen discard the PRIORITY frame - and thus does not return RST_STREAM, and some implementations send GO_AWAY when receiving a WINDOW_UPDATE frame with increment of 0.\n\nThe vulnerability takes advantage of a design flaw in the HTTP/2 protocol - While HTTP/2 has a limit on the number of concurrently active streams per connection (which is usually 100, and is set by the parameter SETTINGS_MAX_CONCURRENT_STREAMS), the number of active streams is not counted correctly - when a stream is reset, it is immediately considered not active, and thus unaccounted for in the active streams counter. \nWhile the protocol does not count those streams as active, the server\u2019s backend logic still processes and handles the requests that were canceled.\n\nThus, the attacker can exploit this vulnerability to cause the server to handle an unbounded number of concurrent streams from a client on the same connection. The exploitation is very simple: the client issues a request in a stream, and then sends the control frame that causes the server to send a RST_STREAM.\n\n### Attack Flow\nFor example, a possible attack scenario can be: \n1. Attacker opens an HTTP/2 connection to the server.\n2. Attacker sends HEADERS frame with END_STREAM flag on a new stream X. \n3. Attacker sends WINDOW_UPDATE for stream X with flow-control window of 0.\n4. The server receives the WINDOW_UPDATE and immediately sends RST_STREAM for stream X to the client (+ decreases the active streams counter by 1).\n\nThe attacker can repeat steps 2+3 as rapidly as it is capable, since the active streams counter never exceeds 1 and the attacker does not need to wait for the response from the server.\nThis leads to resource exhaustion and distributed denial of service vulnerabilities with an impact of: CPU overload and/or memory exhaustion (implementation dependant)\n\n### Comparison to Rapid Reset\nThe vulnerability takes advantage of a design flow in the HTTP/2 protocol that was also used in the Rapid Reset vulnerability (CVE-2023-44487) which was exploited as a zero-day in the wild in August 2023 to October 2023, against multiple services and vendors.\nThe Rapid Reset vulnerability uses RST_STREAM frames sent from the client, in order to create an unbounded amount of concurrent streams - it was given a CVSS score of 7.5.\nRapid Reset was mostly mitigated by limiting the number/rate of RST_STREAM sent from the client, which does not mitigate the MadeYouReset attack - since it triggers the server to send a RST_STREAM.\n\n### Suggested Mitigations for MadeYouReset\nA quick and easy mitigation will be to limit the number/rate of RST_STREAMs sent from the server.\nIt is also possible to limit the number/rate of control frames sent by the client (e.g. WINDOW_UPDATE and PRIORITY), and treat protocol flow errors as a connection error.\n\nAs mentioned in our previous message, this is a protocol-level vulnerability that affects multiple vendors and implementations. Given its broad impact, it is the shared responsibility of all parties involved to handle the disclosure process carefully and coordinate mitigations effectively.\n\n\nIf you have any questions, we will be happy to clarify or schedule a Zoom call.\n\nGal, Anat and Yaniv.\n\n\n\n## Jetty\u0027s Team Notes\n\n### Impact\nA denial of service vulnerability similar to [Rapid Reset](https://github.com/jetty/jetty.project/security/advisories/GHSA-c745-7wm4-7738), but where the client triggers a reset from the server by sending a malformed or invalid frame.\nIn particular, this may be triggered by WINDOW_UPDATE frames that are invalid (e.g. with `delta==0` or when the delta makes the window exceed `2^31-1`).\n\n### Patches\nPatch has been merged into 12.0.x mainline via https://github.com/jetty/jetty.project/pull/13449.\n\n### Workarounds\nNo workarounds apart disabling HTTP/2.",
"id": "GHSA-mmxm-8w33-wc4h",
"modified": "2025-08-21T14:01:19Z",
"published": "2025-08-20T20:52:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/commit/f9ee3904788b08203ed62c95a560d951da37bdb1"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetty/jetty.project"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability"
}
suse-su-2025:02993-1
Vulnerability from csaf_suse
Published
2025-09-01 14:04
Modified
2025-09-01 14:04
Summary
Security update for jetty-minimal
Notes
Title of the patch
Security update for jetty-minimal
Description of the patch
This update for jetty-minimal fixes the following issues:
Upgraded to version 9.4.58.v20250814:
- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)
Patchnames
SUSE-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2993,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2993,SUSE-Storage-7.1-2025-2993,openSUSE-SLE-15.6-2025-2993
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgraded to version 9.4.58.v20250814:\n- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2993,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2993,SUSE-Storage-7.1-2025-2993,openSUSE-SLE-15.6-2025-2993",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02993-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02993-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502993-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02993-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022294.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244252",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-09-01T14:04:07Z",
"generator": {
"date": "2025-09-01T14:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02993-1",
"initial_release_date": "2025-09-01T14:04:07Z",
"revision_history": [
{
"date": "2025-09-01T14:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-project-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-start-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T14:04:07Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
suse-su-2025:02993-2
Vulnerability from csaf_suse
Published
2025-09-01 14:04
Modified
2025-09-01 14:04
Summary
Security update for jetty-minimal
Notes
Title of the patch
Security update for jetty-minimal
Description of the patch
This update for jetty-minimal fixes the following issues:
Upgraded to version 9.4.58.v20250814:
- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)
Patchnames
SUSE-2025-2993,openSUSE-SLE-15.6-2025-2993
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgraded to version 9.4.58.v20250814:\n- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2993,openSUSE-SLE-15.6-2025-2993",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02993-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02993-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502993-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02993-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041479.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244252",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-09-01T14:04:07Z",
"generator": {
"date": "2025-09-01T14:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02993-2",
"initial_release_date": "2025-09-01T14:04:07Z",
"revision_history": [
{
"date": "2025-09-01T14:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-project-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-start-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T14:04:07Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
fkie_cve-2025-5115
Vulnerability from fkie_nvd
Published
2025-08-20 20:15
Modified
2025-08-22 18:09
Severity ?
Summary
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.
For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.
Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.
The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.
The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.
Links:
* https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"lang": "es",
"value": "En Eclipse Jetty, versiones \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, un cliente HTTP/2 puede provocar que el servidor env\u00ede tramas RST_STREAM, por ejemplo, enviando tramas con formato incorrecto o que no deber\u00edan enviarse en un estado de flujo espec\u00edfico, lo que obliga al servidor a consumir recursos como CPU y memoria. Por ejemplo, un cliente puede abrir un flujo y luego enviar tramas WINDOW_UPDATE con un incremento de tama\u00f1o de ventana de 0, lo cual es ilegal. Seg\u00fan la especificaci\u00f3n https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update, el servidor debe enviar una trama RST_STREAM. El cliente ahora puede abrir otra transmisi\u00f3n y enviar otra WINDOW_UPDATE incorrecta, lo que provoca que el servidor consuma m\u00e1s recursos de los necesarios. En este caso, no se supera el n\u00famero m\u00e1ximo de transmisiones simult\u00e1neas, pero el cliente puede crear una enorme cantidad de transmisiones en poco tiempo. El ataque puede ejecutarse con otras condiciones (por ejemplo, una trama DATA para una transmisi\u00f3n cerrada) que provocan que el servidor env\u00ede una trama RST_STREAM. Enlaces: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"id": "CVE-2025-5115",
"lastModified": "2025-08-22T18:09:17.710",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2025-08-20T20:15:33.377",
"references": [
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
},
{
"source": "emo@eclipse.org",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
}
wid-sec-w-2025-1830
Vulnerability from csaf_certbund
Published
2025-08-13 22:00
Modified
2025-09-22 22:00
Summary
http/2 Implementierungen: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
http/2 ist das HyperText Transfer Protocol in Version 2.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiednen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "http/2 ist das HyperText Transfer Protocol in Version 2.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiednen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1830 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1830.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1830 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1830"
},
{
"category": "external",
"summary": "Gal Bar Nahum\u0027s Blog - MadeYouReset Series vom 2025-08-13",
"url": "https://galbarnahum.com/made-you-reset"
},
{
"category": "external",
"summary": "CERT/CC VU#767506 vom 2025-08-13",
"url": "https://kb.cert.org/vuls/id/767506"
},
{
"category": "external",
"summary": "Varnish Security Advisory VSV00017 vom 2025-08-13",
"url": "https://varnish-cache.org/security/VSV00017.html"
},
{
"category": "external",
"summary": "Mailing List OSS Security vom 2025-08-13",
"url": "https://seclists.org/oss-sec/2025/q3/95"
},
{
"category": "external",
"summary": "Tomcat 9 Security vom 2025-08-13",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"category": "external",
"summary": "Tomcat 10 Security vom 2025-08-13",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"category": "external",
"summary": "Tomcat 11 Security vom 2025-08-13",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13686 vom 2025-08-13",
"url": "https://access.redhat.com/errata/RHSA-2025:13686"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13685 vom 2025-08-14",
"url": "https://access.redhat.com/errata/RHSA-2025:13685"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15449-1 vom 2025-08-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LD37QPQBLKIFMKWJXACHGPA7WALFCOM7/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14004 vom 2025-08-19",
"url": "https://access.redhat.com/errata/RHSA-2025:14004"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14008 vom 2025-08-19",
"url": "https://access.redhat.com/errata/RHSA-2025:14008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14182 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14182"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14177 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14177"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14180 vom 2025-08-21",
"url": "https://access.redhat.com/errata/RHSA-2025:14180"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-MMXM-8W33-WC4H vom 2025-08-20",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14179 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14178 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14178"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14183 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14183"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14177 vom 2025-08-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-14177.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14197 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14197"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14181 vom 2025-08-20",
"url": "https://access.redhat.com/errata/RHSA-2025:14181"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14181 vom 2025-08-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-14181.html"
},
{
"category": "external",
"summary": "New Varnish Cache releases (7.7.3, 7.6.5 and 6.0.16) vom 2025-08-20",
"url": "https://varnish-cache.org/lists/pipermail/varnish-announce/2025-August/000771.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14178 vom 2025-08-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-14178.html"
},
{
"category": "external",
"summary": "PoC CVE-2025-8671 vom 2025-08-24",
"url": "https://github.com/abiyeenzo/CVE-2025-8671"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15483-1 vom 2025-08-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXDF5TMMN4LHEDWLII7MMDPWQR5D6UWU/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14179 vom 2025-08-22",
"url": "https://linux.oracle.com/errata/ELSA-2025-14179.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15490-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HVS2SK75HFDIVZCEQSOAOL6TTJCJFJZK/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15491-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFPY4ZCVL2NZMRDOWWAY4ZBXIIA663BF/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15489-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBHMT4B4D7HRMDPQJYDEV5UUSG7LVAHI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02992-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022280.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02993-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022294.html"
},
{
"category": "external",
"summary": "Camunda Security Notice 144 vom 2025-08-28",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03006-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022326.html"
},
{
"category": "external",
"summary": "ATOSS Sicherheitsmitteilung: Apache Tomcat-Sicherheitsl\u00fccken vom 2025-08-28",
"url": "https://www.atoss.ch/de-ch/sicherheit/security-news"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14911 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14911"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03024-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022345.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03021-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022331.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02993-2 vom 2025-09-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022373.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02993-2 vom 2025-09-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WDVRXONEUUASOWSNXL4RQLFHU45FFDH6/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14919 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:14919"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-022 vom 2025-09-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-022.html"
},
{
"category": "external",
"summary": "PDFreactor Release Notes vom 2025-09-05",
"url": "https://www.pdfreactor.com/pdfreactor-12-3-now-available/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:14177 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:14177"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03114-1 vom 2025-09-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022412.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15612 vom 2025-09-10",
"url": "https://access.redhat.com/errata/RHSA-2025:15612"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15697 vom 2025-09-11",
"url": "https://access.redhat.com/errata/RHSA-2025:15697"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4299 vom 2025-09-14",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6005 vom 2025-09-19",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00169.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6006 vom 2025-09-19",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00170.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16407 vom 2025-09-23",
"url": "https://access.redhat.com/errata/RHSA-2025:16407"
}
],
"source_lang": "en-US",
"title": "http/2 Implementierungen: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-09-22T22:00:00.000+00:00",
"generator": {
"date": "2025-09-23T04:57:09.112+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1830",
"initial_release_date": "2025-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat, Open Source, Oracle Linux und European Union Vulnerability Database aufgenommen"
},
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-24T22:00:00.000+00:00",
"number": "6",
"summary": "PoC aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-09-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-10T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-09-22T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ATOSS Staff Efficiency Suite",
"product": {
"name": "ATOSS Staff Efficiency Suite",
"product_id": "T041371",
"product_identification_helper": {
"cpe": "cpe:/a:atoss:staff_efficiency_suite:-"
}
}
}
],
"category": "vendor",
"name": "ATOSS"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.10",
"product": {
"name": "Apache Tomcat \u003c11.0.10",
"product_id": "1821869"
}
},
{
"category": "product_version",
"name": "11.0.10",
"product": {
"name": "Apache Tomcat 11.0.10",
"product_id": "1821869-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.108",
"product": {
"name": "Apache Tomcat \u003c9.0.108",
"product_id": "1821870"
}
},
{
"category": "product_version",
"name": "9.0.108",
"product": {
"name": "Apache Tomcat 9.0.108",
"product_id": "1821870-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.108"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.44",
"product": {
"name": "Apache Tomcat \u003c10.1.44",
"product_id": "T046241"
}
},
{
"category": "product_version",
"name": "10.1.44",
"product": {
"name": "Apache Tomcat 10.1.44",
"product_id": "T046241-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.44"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.58",
"product": {
"name": "Eclipse Jetty \u003c9.4.58",
"product_id": "T046367"
}
},
{
"category": "product_version",
"name": "9.4.58",
"product": {
"name": "Eclipse Jetty 9.4.58",
"product_id": "T046367-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.58"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.26",
"product": {
"name": "Eclipse Jetty \u003c10.0.26",
"product_id": "T046368"
}
},
{
"category": "product_version",
"name": "10.0.26",
"product": {
"name": "Eclipse Jetty 10.0.26",
"product_id": "T046368-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:10.0.26"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.26",
"product": {
"name": "Eclipse Jetty \u003c11.0.26",
"product_id": "T046369"
}
},
{
"category": "product_version",
"name": "11.0.26",
"product": {
"name": "Eclipse Jetty 11.0.26",
"product_id": "T046369-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:11.0.26"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.25",
"product": {
"name": "Eclipse Jetty \u003c12.0.25",
"product_id": "T046370"
}
},
{
"category": "product_version",
"name": "12.0.25",
"product": {
"name": "Eclipse Jetty 12.0.25",
"product_id": "T046370-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.0.25"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.1.0.beta3",
"product": {
"name": "Eclipse Jetty \u003c12.1.0.beta3",
"product_id": "T046371"
}
},
{
"category": "product_version",
"name": "12.1.0.beta3",
"product": {
"name": "Eclipse Jetty 12.1.0.beta3",
"product_id": "T046371-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.1.0.beta3"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Optimize \u003c3.15.7",
"product": {
"name": "Open Source Camunda Optimize \u003c3.15.7",
"product_id": "T046585"
}
},
{
"category": "product_version",
"name": "Optimize 3.15.7",
"product": {
"name": "Open Source Camunda Optimize 3.15.7",
"product_id": "T046585-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:optimize_3.15.7"
}
}
},
{
"category": "product_version_range",
"name": "Optimize \u003c3.14.8",
"product": {
"name": "Open Source Camunda Optimize \u003c3.14.8",
"product_id": "T046586"
}
},
{
"category": "product_version",
"name": "Optimize 3.14.8",
"product": {
"name": "Open Source Camunda Optimize 3.14.8",
"product_id": "T046586-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:optimize_3.14.8"
}
}
},
{
"category": "product_version_range",
"name": "Optimize \u003c3.13.19",
"product": {
"name": "Open Source Camunda Optimize \u003c3.13.19",
"product_id": "T046587"
}
},
{
"category": "product_version",
"name": "Optimize 3.13.19",
"product": {
"name": "Open Source Camunda Optimize 3.13.19",
"product_id": "T046587-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:optimize_3.13.19"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.6.4",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.6.4",
"product_id": "T046242"
}
},
{
"category": "product_version",
"name": "7.6.4",
"product": {
"name": "Open Source Varnish HTTP Cache 7.6.4",
"product_id": "T046242-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.6.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.7.2",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c7.7.2",
"product_id": "T046243"
}
},
{
"category": "product_version",
"name": "7.7.2",
"product": {
"name": "Open Source Varnish HTTP Cache 7.7.2",
"product_id": "T046243-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:7.7.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.15",
"product": {
"name": "Open Source Varnish HTTP Cache \u003c6.0.15",
"product_id": "T046244"
}
},
{
"category": "product_version",
"name": "6.0.15",
"product": {
"name": "Open Source Varnish HTTP Cache 6.0.15",
"product_id": "T046244-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:varnish_http_accelerator_integration_project:varnish:6.0.15"
}
}
}
],
"category": "product_name",
"name": "Varnish HTTP Cache"
},
{
"category": "product_name",
"name": "Open Source lighttpd",
"product": {
"name": "Open Source lighttpd",
"product_id": "T000812",
"product_identification_helper": {
"cpe": "cpe:/a:lighttpd:lighttpd:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.3",
"product": {
"name": "RealObjects PDFreactor \u003c12.3",
"product_id": "T046765"
}
},
{
"category": "product_version",
"name": "12.3",
"product": {
"name": "RealObjects PDFreactor 12.3",
"product_id": "T046765-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.3"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
},
{
"category": "product_version",
"name": "Quarkus 3.15.6.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.15.6.SP1",
"product_id": "T046330",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.15.6.sp1"
}
}
},
{
"category": "product_version",
"name": "Quarkus 3.20.2.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.20.2.SP1",
"product_id": "T046331",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.20.2.sp1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Camel for Spring Boot 1",
"product": {
"name": "Red Hat Integration Camel for Spring Boot 1",
"product_id": "T035240",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_for_spring_boot_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version",
"name": "Middleware 1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Middleware 1",
"product_id": "T046944",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:middleware_1"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.2",
"product": {
"name": "Red Hat JBoss Web Server \u003c6.1.2",
"product_id": "T046251"
}
},
{
"category": "product_version",
"name": "6.1.2",
"product": {
"name": "Red Hat JBoss Web Server 6.1.2",
"product_id": "T046251-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1.2"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Specification http/2",
"product": {
"name": "Specification http/2",
"product_id": "T030386",
"product_identification_helper": {
"cpe": "cpe:/a:ietf:http2:-"
}
}
}
],
"category": "vendor",
"name": "Specification"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48989",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-5115",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-8671",
"product_status": {
"known_affected": [
"T030386",
"T046370",
"67646",
"T046371",
"T004914",
"T000812",
"1821870",
"T046330",
"T046331",
"398363",
"T046251",
"T035240",
"T032255",
"1821869",
"T046944",
"T046369",
"T046765",
"T041371",
"T044468",
"2951",
"T002207",
"T027843",
"T046242",
"T046243",
"T046241",
"T046367",
"T046587",
"T046368",
"T046244",
"T046585",
"T046586"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-8671"
}
]
}
opensuse-su-2025:15482-1
Vulnerability from csaf_opensuse
Published
2025-08-22 00:00
Modified
2025-08-22 00:00
Summary
jetty-annotations-9.4.58-1.1 on GA media
Notes
Title of the patch
jetty-annotations-9.4.58-1.1 on GA media
Description of the patch
These are all security issues fixed in the jetty-annotations-9.4.58-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15482
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.58-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.58-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15482",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15482-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "jetty-annotations-9.4.58-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-22T00:00:00Z",
"generator": {
"date": "2025-08-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15482-1",
"initial_release_date": "2025-08-22T00:00:00Z",
"revision_history": [
{
"date": "2025-08-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-annotations-9.4.58-1.1.aarch64",
"product_id": "jetty-annotations-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-ant-9.4.58-1.1.aarch64",
"product_id": "jetty-ant-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-cdi-9.4.58-1.1.aarch64",
"product_id": "jetty-cdi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-client-9.4.58-1.1.aarch64",
"product_id": "jetty-client-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-continuation-9.4.58-1.1.aarch64",
"product_id": "jetty-continuation-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-deploy-9.4.58-1.1.aarch64",
"product_id": "jetty-deploy-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.aarch64",
"product_id": "jetty-fcgi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-http-9.4.58-1.1.aarch64",
"product_id": "jetty-http-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.aarch64",
"product_id": "jetty-http-spi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-io-9.4.58-1.1.aarch64",
"product_id": "jetty-io-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jaas-9.4.58-1.1.aarch64",
"product_id": "jetty-jaas-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jmx-9.4.58-1.1.aarch64",
"product_id": "jetty-jmx-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jndi-9.4.58-1.1.aarch64",
"product_id": "jetty-jndi-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-jsp-9.4.58-1.1.aarch64",
"product_id": "jetty-jsp-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-openid-9.4.58-1.1.aarch64",
"product_id": "jetty-openid-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-plus-9.4.58-1.1.aarch64",
"product_id": "jetty-plus-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-project-9.4.58-1.1.aarch64",
"product_id": "jetty-project-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-proxy-9.4.58-1.1.aarch64",
"product_id": "jetty-proxy-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.aarch64",
"product_id": "jetty-quickstart-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.aarch64",
"product_id": "jetty-rewrite-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-security-9.4.58-1.1.aarch64",
"product_id": "jetty-security-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-server-9.4.58-1.1.aarch64",
"product_id": "jetty-server-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-servlet-9.4.58-1.1.aarch64",
"product_id": "jetty-servlet-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-servlets-9.4.58-1.1.aarch64",
"product_id": "jetty-servlets-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-start-9.4.58-1.1.aarch64",
"product_id": "jetty-start-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-util-9.4.58-1.1.aarch64",
"product_id": "jetty-util-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.aarch64",
"product_id": "jetty-util-ajax-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-webapp-9.4.58-1.1.aarch64",
"product_id": "jetty-webapp-9.4.58-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.aarch64",
"product": {
"name": "jetty-xml-9.4.58-1.1.aarch64",
"product_id": "jetty-xml-9.4.58-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-annotations-9.4.58-1.1.ppc64le",
"product_id": "jetty-annotations-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-ant-9.4.58-1.1.ppc64le",
"product_id": "jetty-ant-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-cdi-9.4.58-1.1.ppc64le",
"product_id": "jetty-cdi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-client-9.4.58-1.1.ppc64le",
"product_id": "jetty-client-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-continuation-9.4.58-1.1.ppc64le",
"product_id": "jetty-continuation-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-deploy-9.4.58-1.1.ppc64le",
"product_id": "jetty-deploy-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.ppc64le",
"product_id": "jetty-fcgi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-http-9.4.58-1.1.ppc64le",
"product_id": "jetty-http-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.ppc64le",
"product_id": "jetty-http-spi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-io-9.4.58-1.1.ppc64le",
"product_id": "jetty-io-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jaas-9.4.58-1.1.ppc64le",
"product_id": "jetty-jaas-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jmx-9.4.58-1.1.ppc64le",
"product_id": "jetty-jmx-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jndi-9.4.58-1.1.ppc64le",
"product_id": "jetty-jndi-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-jsp-9.4.58-1.1.ppc64le",
"product_id": "jetty-jsp-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-openid-9.4.58-1.1.ppc64le",
"product_id": "jetty-openid-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-plus-9.4.58-1.1.ppc64le",
"product_id": "jetty-plus-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-project-9.4.58-1.1.ppc64le",
"product_id": "jetty-project-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-proxy-9.4.58-1.1.ppc64le",
"product_id": "jetty-proxy-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.ppc64le",
"product_id": "jetty-quickstart-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.ppc64le",
"product_id": "jetty-rewrite-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-security-9.4.58-1.1.ppc64le",
"product_id": "jetty-security-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-server-9.4.58-1.1.ppc64le",
"product_id": "jetty-server-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-servlet-9.4.58-1.1.ppc64le",
"product_id": "jetty-servlet-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-servlets-9.4.58-1.1.ppc64le",
"product_id": "jetty-servlets-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-start-9.4.58-1.1.ppc64le",
"product_id": "jetty-start-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-util-9.4.58-1.1.ppc64le",
"product_id": "jetty-util-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.ppc64le",
"product_id": "jetty-util-ajax-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-webapp-9.4.58-1.1.ppc64le",
"product_id": "jetty-webapp-9.4.58-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.ppc64le",
"product": {
"name": "jetty-xml-9.4.58-1.1.ppc64le",
"product_id": "jetty-xml-9.4.58-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.s390x",
"product": {
"name": "jetty-annotations-9.4.58-1.1.s390x",
"product_id": "jetty-annotations-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.s390x",
"product": {
"name": "jetty-ant-9.4.58-1.1.s390x",
"product_id": "jetty-ant-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-cdi-9.4.58-1.1.s390x",
"product_id": "jetty-cdi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.s390x",
"product": {
"name": "jetty-client-9.4.58-1.1.s390x",
"product_id": "jetty-client-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.s390x",
"product": {
"name": "jetty-continuation-9.4.58-1.1.s390x",
"product_id": "jetty-continuation-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.s390x",
"product": {
"name": "jetty-deploy-9.4.58-1.1.s390x",
"product_id": "jetty-deploy-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.s390x",
"product_id": "jetty-fcgi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.s390x",
"product": {
"name": "jetty-http-9.4.58-1.1.s390x",
"product_id": "jetty-http-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.s390x",
"product_id": "jetty-http-spi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.s390x",
"product": {
"name": "jetty-io-9.4.58-1.1.s390x",
"product_id": "jetty-io-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jaas-9.4.58-1.1.s390x",
"product_id": "jetty-jaas-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jmx-9.4.58-1.1.s390x",
"product_id": "jetty-jmx-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jndi-9.4.58-1.1.s390x",
"product_id": "jetty-jndi-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.s390x",
"product": {
"name": "jetty-jsp-9.4.58-1.1.s390x",
"product_id": "jetty-jsp-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.s390x",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.s390x",
"product": {
"name": "jetty-openid-9.4.58-1.1.s390x",
"product_id": "jetty-openid-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.s390x",
"product": {
"name": "jetty-plus-9.4.58-1.1.s390x",
"product_id": "jetty-plus-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.s390x",
"product": {
"name": "jetty-project-9.4.58-1.1.s390x",
"product_id": "jetty-project-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.s390x",
"product": {
"name": "jetty-proxy-9.4.58-1.1.s390x",
"product_id": "jetty-proxy-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.s390x",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.s390x",
"product_id": "jetty-quickstart-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.s390x",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.s390x",
"product_id": "jetty-rewrite-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.s390x",
"product": {
"name": "jetty-security-9.4.58-1.1.s390x",
"product_id": "jetty-security-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.s390x",
"product": {
"name": "jetty-server-9.4.58-1.1.s390x",
"product_id": "jetty-server-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.s390x",
"product": {
"name": "jetty-servlet-9.4.58-1.1.s390x",
"product_id": "jetty-servlet-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.s390x",
"product": {
"name": "jetty-servlets-9.4.58-1.1.s390x",
"product_id": "jetty-servlets-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.s390x",
"product": {
"name": "jetty-start-9.4.58-1.1.s390x",
"product_id": "jetty-start-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.s390x",
"product": {
"name": "jetty-util-9.4.58-1.1.s390x",
"product_id": "jetty-util-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.s390x",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.s390x",
"product_id": "jetty-util-ajax-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.s390x",
"product": {
"name": "jetty-webapp-9.4.58-1.1.s390x",
"product_id": "jetty-webapp-9.4.58-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.s390x",
"product": {
"name": "jetty-xml-9.4.58-1.1.s390x",
"product_id": "jetty-xml-9.4.58-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-annotations-9.4.58-1.1.x86_64",
"product_id": "jetty-annotations-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-ant-9.4.58-1.1.x86_64",
"product_id": "jetty-ant-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-cdi-9.4.58-1.1.x86_64",
"product_id": "jetty-cdi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-client-9.4.58-1.1.x86_64",
"product_id": "jetty-client-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-continuation-9.4.58-1.1.x86_64",
"product_id": "jetty-continuation-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-deploy-9.4.58-1.1.x86_64",
"product_id": "jetty-deploy-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-fcgi-9.4.58-1.1.x86_64",
"product_id": "jetty-fcgi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-http-9.4.58-1.1.x86_64",
"product_id": "jetty-http-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-http-spi-9.4.58-1.1.x86_64",
"product_id": "jetty-http-spi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-io-9.4.58-1.1.x86_64",
"product_id": "jetty-io-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jaas-9.4.58-1.1.x86_64",
"product_id": "jetty-jaas-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jmx-9.4.58-1.1.x86_64",
"product_id": "jetty-jmx-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jndi-9.4.58-1.1.x86_64",
"product_id": "jetty-jndi-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-jsp-9.4.58-1.1.x86_64",
"product_id": "jetty-jsp-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-openid-9.4.58-1.1.x86_64",
"product_id": "jetty-openid-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-plus-9.4.58-1.1.x86_64",
"product_id": "jetty-plus-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-project-9.4.58-1.1.x86_64",
"product_id": "jetty-project-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-proxy-9.4.58-1.1.x86_64",
"product_id": "jetty-proxy-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-quickstart-9.4.58-1.1.x86_64",
"product_id": "jetty-quickstart-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-rewrite-9.4.58-1.1.x86_64",
"product_id": "jetty-rewrite-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-security-9.4.58-1.1.x86_64",
"product_id": "jetty-security-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-server-9.4.58-1.1.x86_64",
"product_id": "jetty-server-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-servlet-9.4.58-1.1.x86_64",
"product_id": "jetty-servlet-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-servlets-9.4.58-1.1.x86_64",
"product_id": "jetty-servlets-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-start-9.4.58-1.1.x86_64",
"product_id": "jetty-start-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-util-9.4.58-1.1.x86_64",
"product_id": "jetty-util-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.58-1.1.x86_64",
"product_id": "jetty-util-ajax-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-webapp-9.4.58-1.1.x86_64",
"product_id": "jetty-webapp-9.4.58-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-1.1.x86_64",
"product": {
"name": "jetty-xml-9.4.58-1.1.x86_64",
"product_id": "jetty-xml-9.4.58-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-annotations-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-annotations-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x"
},
"product_reference": "jetty-annotations-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-annotations-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-ant-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-ant-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x"
},
"product_reference": "jetty-ant-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-ant-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-cdi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-cdi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-cdi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-cdi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-client-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-client-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x"
},
"product_reference": "jetty-client-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-client-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-continuation-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-continuation-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x"
},
"product_reference": "jetty-continuation-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-continuation-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-deploy-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-deploy-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x"
},
"product_reference": "jetty-deploy-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-deploy-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-fcgi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-http-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-http-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x"
},
"product_reference": "jetty-http-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-http-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-http-spi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-io-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-io-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x"
},
"product_reference": "jetty-io-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-io-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jaas-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jaas-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jaas-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jaas-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jmx-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jmx-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jmx-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jmx-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jndi-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jndi-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jndi-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jndi-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-jsp-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-jsp-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x"
},
"product_reference": "jetty-jsp-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-jsp-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-openid-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-openid-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x"
},
"product_reference": "jetty-openid-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-openid-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-plus-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-plus-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x"
},
"product_reference": "jetty-plus-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-plus-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-project-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-project-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x"
},
"product_reference": "jetty-project-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-project-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-proxy-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-proxy-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x"
},
"product_reference": "jetty-proxy-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-proxy-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-quickstart-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-rewrite-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-security-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-security-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x"
},
"product_reference": "jetty-security-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-security-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-server-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-server-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x"
},
"product_reference": "jetty-server-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-server-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-servlet-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-servlet-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x"
},
"product_reference": "jetty-servlet-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-servlet-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-servlets-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-servlets-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x"
},
"product_reference": "jetty-servlets-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-servlets-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-start-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-start-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x"
},
"product_reference": "jetty-start-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-start-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-util-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-util-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x"
},
"product_reference": "jetty-util-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-util-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-webapp-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-webapp-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x"
},
"product_reference": "jetty-webapp-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-webapp-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64"
},
"product_reference": "jetty-xml-9.4.58-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le"
},
"product_reference": "jetty-xml-9.4.58-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x"
},
"product_reference": "jetty-xml-9.4.58-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
},
"product_reference": "jetty-xml-9.4.58-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.58-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.58-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
opensuse-su-2025:15483-1
Vulnerability from csaf_opensuse
Published
2025-08-22 00:00
Modified
2025-08-22 00:00
Summary
netty-4.1.124-1.1 on GA media
Notes
Title of the patch
netty-4.1.124-1.1 on GA media
Description of the patch
These are all security issues fixed in the netty-4.1.124-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15483
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "netty-4.1.124-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the netty-4.1.124-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15483",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15483-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55163/"
}
],
"title": "netty-4.1.124-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-22T00:00:00Z",
"generator": {
"date": "2025-08-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15483-1",
"initial_release_date": "2025-08-22T00:00:00Z",
"revision_history": [
{
"date": "2025-08-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.aarch64",
"product": {
"name": "netty-4.1.124-1.1.aarch64",
"product_id": "netty-4.1.124-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.aarch64",
"product": {
"name": "netty-bom-4.1.124-1.1.aarch64",
"product_id": "netty-bom-4.1.124-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.aarch64",
"product": {
"name": "netty-javadoc-4.1.124-1.1.aarch64",
"product_id": "netty-javadoc-4.1.124-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.aarch64",
"product": {
"name": "netty-parent-4.1.124-1.1.aarch64",
"product_id": "netty-parent-4.1.124-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-4.1.124-1.1.ppc64le",
"product_id": "netty-4.1.124-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-bom-4.1.124-1.1.ppc64le",
"product_id": "netty-bom-4.1.124-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-javadoc-4.1.124-1.1.ppc64le",
"product_id": "netty-javadoc-4.1.124-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.ppc64le",
"product": {
"name": "netty-parent-4.1.124-1.1.ppc64le",
"product_id": "netty-parent-4.1.124-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.s390x",
"product": {
"name": "netty-4.1.124-1.1.s390x",
"product_id": "netty-4.1.124-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.s390x",
"product": {
"name": "netty-bom-4.1.124-1.1.s390x",
"product_id": "netty-bom-4.1.124-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.s390x",
"product": {
"name": "netty-javadoc-4.1.124-1.1.s390x",
"product_id": "netty-javadoc-4.1.124-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.s390x",
"product": {
"name": "netty-parent-4.1.124-1.1.s390x",
"product_id": "netty-parent-4.1.124-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.124-1.1.x86_64",
"product": {
"name": "netty-4.1.124-1.1.x86_64",
"product_id": "netty-4.1.124-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.124-1.1.x86_64",
"product": {
"name": "netty-bom-4.1.124-1.1.x86_64",
"product_id": "netty-bom-4.1.124-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.124-1.1.x86_64",
"product": {
"name": "netty-javadoc-4.1.124-1.1.x86_64",
"product_id": "netty-javadoc-4.1.124-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.124-1.1.x86_64",
"product": {
"name": "netty-parent-4.1.124-1.1.x86_64",
"product_id": "netty-parent-4.1.124-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64"
},
"product_reference": "netty-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.s390x"
},
"product_reference": "netty-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64"
},
"product_reference": "netty-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64"
},
"product_reference": "netty-bom-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-bom-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x"
},
"product_reference": "netty-bom-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64"
},
"product_reference": "netty-bom-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64"
},
"product_reference": "netty-javadoc-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-javadoc-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x"
},
"product_reference": "netty-javadoc-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64"
},
"product_reference": "netty-javadoc-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64"
},
"product_reference": "netty-parent-4.1.124-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le"
},
"product_reference": "netty-parent-4.1.124-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x"
},
"product_reference": "netty-parent-4.1.124-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.124-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
},
"product_reference": "netty-parent-4.1.124-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55163"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55163",
"url": "https://www.suse.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "external",
"summary": "SUSE Bug 1247991 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1247991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.124-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.124-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-55163"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…