{"api_version":"1","generated_at":"2026-04-22T19:36:25+00:00","cve":"CVE-2022-2047","urls":{"html":"https://cve.report/CVE-2022-2047","api":"https://cve.report/api/cve/CVE-2022-2047.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2047","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2047"},"summary":{"title":"CVE-2022-2047","description":"In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.","state":"PUBLIC","assigner":"security@eclipse.org","published_at":"2022-07-07 21:15:00","updated_at":"2022-10-25 19:10:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q","name":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q","refsource":"CONFIRM","tags":[],"title":"Invalid URI parsing may produce invalid HttpURI.authority · Advisory · eclipse/jetty.project · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20220901-0006/","name":"https://security.netapp.com/advisory/ntap-20220901-0006/","refsource":"CONFIRM","tags":[],"title":"August 2022 Eclipse Jetty Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5198","name":"DSA-5198","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5198-1 jetty9","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html","name":"[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3079-1] jetty9 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2047","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2047","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eclipse","cpe5":"jetty","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"11.0.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eclipse","cpe5":"jetty","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"element_plug-in_for_vcenter_server","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"management_services_for_element_software_and_netapp_hci","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_storage_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-2047","qid":"180910","title":"Debian Security Update for jetty9 (DSA 5198-1)"},{"cve":"CVE-2022-2047","qid":"180954","title":"Debian Security Update for jetty9 (DLA 3079-1)"},{"cve":"CVE-2022-2047","qid":"182741","title":"Debian Security Update for jetty9 (CVE-2022-2047)"},{"cve":"CVE-2022-2047","qid":"20270","title":"Oracle Database 21c Critical Patch Update - October 2022"},{"cve":"CVE-2022-2047","qid":"20271","title":"Oracle Database 19c Critical Patch Update - October 2022"},{"cve":"CVE-2022-2047","qid":"20272","title":"Oracle Database 19c Critical OJVM Patch Update - October 2022"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-2047","ASSIGNER":"security@eclipse.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"The Eclipse Foundation","product":{"product_data":[{"product_name":"Eclipse Jetty","version":{"version_data":[{"version_affected":">=","version_value":"9.4.0"},{"version_affected":"<=","version_value":"9.4.46"},{"version_affected":">=","version_value":"10.0.0"},{"version_affected":"<=","version_value":"10.0.9"},{"version_affected":">=","version_value":"11.0.0"},{"version_affected":"<=","version_value":"11.0.9"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario."}]},"impact":{"cvss":{"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20"}]}]},"references":{"reference_data":[{"name":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q","refsource":"CONFIRM","url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"},{"refsource":"DEBIAN","name":"DSA-5198","url":"https://www.debian.org/security/2022/dsa-5198"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220901-0006/","url":"https://security.netapp.com/advisory/ntap-20220901-0006/"}]}},"nvd":{"publishedDate":"2022-07-07 21:15:00","lastModifiedDate":"2022-10-25 19:10:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionEndExcluding":"9.4.46","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}