Known Vulnerabilities for Jetty by Eclipse
Listed below are 10 of the newest known vulnerabilities associated with "Jetty" by "Eclipse".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5795 json | In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upo... | Not Provided | 2026-04-08 | 2026-04-08 |
| CVE-2026-2332 json | In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funk... | Not Provided | 2026-04-14 | 2026-04-15 |
| CVE-2023-44487 json | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many stre... | 7.5 - HIGH | 2023-10-10 | 2024-02-02 |
| CVE-2023-41900 json | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to w... | 4.3 - MEDIUM | 2023-09-15 | 2023-11-10 |
| CVE-2023-40167 json | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts th... | 5.3 - MEDIUM | 2023-09-15 | 2023-10-13 |
| CVE-2023-36479 json | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very spe... | 4.3 - MEDIUM | 2023-09-15 | 2023-10-16 |
| CVE-2023-36478 json | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.... | 7.5 - HIGH | 2023-10-10 | 2023-11-16 |
| CVE-2023-26049 json | Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle coo... | 5.3 - MEDIUM | 2023-04-18 | 2024-02-01 |
| CVE-2023-26048 json | Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated wit... | 5.3 - MEDIUM | 2023-04-18 | 2023-09-30 |
| CVE-2022-2191 json | In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers fro... | 7.5 - HIGH | 2022-07-07 | 2022-09-23 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eclipse | Jetty | 9.4.9 | |||
| Application | Eclipse | Jetty | 9.4.9 | |||
| Application | Eclipse | Jetty | 9.4.8 | |||
| Application | Eclipse | Jetty | 9.4.8 | |||
| Application | Eclipse | Jetty | 9.4.8 | |||
| Application | Eclipse | Jetty | 9.4.7 | |||
| Application | Eclipse | Jetty | 9.4.7 | |||
| Application | Eclipse | Jetty | 9.4.7 | |||
| Application | Eclipse | Jetty | 9.4.7 | |||
| Application | Eclipse | Jetty | 9.4.6 | |||
| Application | Eclipse | Jetty | 9.4.6 | |||
| Application | Eclipse | Jetty | 9.4.6 | |||
| Application | Eclipse | Jetty | 9.4.5 | |||
| Application | Eclipse | Jetty | 9.4.5 | |||
| Application | Eclipse | Jetty | 9.4.5 | |||
| Application | Eclipse | Jetty | 9.4.4 | |||
| Application | Eclipse | Jetty | 9.4.4 | |||
| Application | Eclipse | Jetty | 9.4.4 | |||
| Application | Eclipse | Jetty | 9.4.4 | |||
| Application | Eclipse | Jetty | 9.4.35 |