Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

Remediation

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html

https://security.netapp.com/advisory/ntap-20220901-0006/

https://www.debian.org/security/2022/dsa-5198

Related Vulnerabilities

CVE-2022-25231 Vulnerability in npm package node-opcua

CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar

CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2023-29204 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2018-14042 Vulnerability in maven package org.fujion.webjars:bootstrap

Severity

Low

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Tags

Patch Third Party Advisory Mailing List