pkg:Debian/jetty9

53 total CVEsCRITICAL3HIGH20MEDIUM19LOW11

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0, < 9.4.50-4+deb11u1
  • CRITICAL9.8CVE-2017-7658Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
    from 0, < 9.2.25-1
  • CRITICAL9.8CVE-2017-7657Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
    from 0, < 9.2.25-1
  • CRITICAL9.4CVE-2019-17638Operation on a Resource after Expiration or Release in Jetty Server
    from 0, < 9.4.31-1
  • HIGH7.5CVE-2025-5115jetty12 - security update
    from 0, < 9.4.57-0+deb11u3
  • HIGH7.5CVE-2025-5115jetty12 - security update
    from 0, < 9.4.57-1.1~deb12u1
  • HIGH7.5CVE-2025-5115jetty12 - security update
    from 0, < 9.4.57-0+deb11u3
  • HIGH7.5CVE-2024-22201jetty9 - security update
    from 0, < 9.4.50-4+deb11u2
  • HIGH7.5CVE-2024-22201jetty9 - security update
    from 0, < 9.4.50-4+deb11u2
  • HIGH7.5CVE-2024-22201jetty9 - security update
    from 0, < 9.4.50-4+deb10u2
  • HIGH7.5CVE-2023-36478HTTP/2 HPACK integer overflow and buffer allocation
    from 0, < 9.4.50-4+deb11u1
  • HIGH7.5CVE-2023-36478HTTP/2 HPACK integer overflow and buffer allocation
    from 0, < 9.4.50-4+deb11u1
  • HIGH7.5CVE-2022-2048Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
    from 0, < 9.4.39-3+deb11u1
  • HIGH7.5CVE-2021-28165Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
    from 0, < 9.4.39-1
  • HIGH7.5CVE-2017-7656jetty9 - security update
    from 0, < 9.2.21-1+deb9u1
  • HIGH7.5CVE-2017-7656jetty9 - security update
    from 0, < 9.2.25-1
  • HIGH7.5CVE-2017-9735jetty9 - security update
    from 0, < 9.2.22-1
  • HIGH7.5CVE-2017-9735jetty9 - security update
    from 0, < 9.2.30-0+deb9u1
  • HIGH7.4CVE-2026-2332Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
    from 0
  • HIGH7.4CVE-2026-5795Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables
    from 0
  • HIGH7.2CVE-2024-13009jetty9 - security update
    from 0, < 9.4.57-0+deb11u1
  • HIGH7.2CVE-2024-13009jetty9 - security update
    from 0, < 9.4.57-0+deb12u1
  • HIGH7.2CVE-2024-13009jetty9 - security update
    from 0, < 9.4.57-0+deb11u1
  • HIGH7.0CVE-2020-27216Local Temp Directory Hijacking Vulnerability
    from 0, < 9.4.33-1
  • MEDIUM6.1CVE-2019-17632Unescaped exception messages in error responses in Jetty
    from 0, < 9.4.26-1
  • MEDIUM6.1CVE-2019-10241jetty9 - security update
    from 0, < 9.4.16-0+deb10u1
  • MEDIUM6.1CVE-2019-10241jetty9 - security update
    from 0, < 9.4.18-2
  • MEDIUM5.9CVE-2024-8184Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
    from 0, < 9.4.57-0+deb11u1
  • MEDIUM5.3CVE-2024-9823Eclipse Jetty has a denial of service vulnerability on DosFilter
    from 0, < 9.4.57-0+deb11u1
  • MEDIUM5.3CVE-2023-40167Jetty accepts "+" prefixed value in Content-Length
    from 0, < 9.4.39-3+deb11u2
  • MEDIUM5.3CVE-2023-26048jetty9 - security update
    from 0, < 9.4.16-0+deb10u3
  • MEDIUM5.3CVE-2023-26048jetty9 - security update
    from 0, < 9.4.39-3+deb11u2
  • MEDIUM5.3CVE-2023-26048jetty9 - security update
    from 0, < 9.4.39-3+deb11u2
  • MEDIUM5.3CVE-2021-34429Encoded URIs can access WEB-INF directory in Eclipse Jetty
    from 0, < 9.4.39-3
  • MEDIUM5.3CVE-2021-28169Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
    from 0, < 9.4.39-2
  • MEDIUM5.3CVE-2021-28169Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
    from 0, < 9.2.30-0+deb9u2
  • MEDIUM5.3CVE-2021-28164Authorization Before Parsing and Canonicalization in jetty
    from 0, < 9.4.39-1
  • MEDIUM5.3CVE-2020-27223DOS vulnerability for Quoted Quality CSV headers
    from 0, < 9.4.38-1
  • MEDIUM5.3CVE-2019-10247Installation information leak in Eclipse Jetty
    from 0, < 9.4.18-2
  • MEDIUM5.3CVE-2018-12536Eclipse Jetty Server generates error message containing sensitive information
    from 0, < 9.2.25-1
  • MEDIUM4.8CVE-2020-27218Buffer not correctly recycled in Gzip Request inflation
    from 0, < 9.4.50-4+deb10u1
  • MEDIUM4.8CVE-2020-27218Buffer not correctly recycled in Gzip Request inflation
    from 0, < 9.4.35-1
  • LOW3.7CVE-2025-11143org.eclipse.jetty:jetty-http has different parsing of invalid URIs
    from 0
  • LOW3.7CVE-2024-6763Eclipse Jetty URI parsing of invalid authority
    from 0
  • LOW3.5CVE-2023-41900Jetty's OpenId Revoked authentication allows one request
    from 0, < 9.4.39-3+deb11u2
  • LOW3.5CVE-2023-36479Jetty vulnerable to errant command quoting in CGI Servlet
    from 0, < 9.4.39-3+deb11u2
  • LOW3.5CVE-2021-34428SessionListener can prevent a session from being invalidated breaking logout
    from 0, < 9.4.39-2
  • LOW3.1CVE-2024-6762Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
    from 0, < 9.4.57-0+deb11u1
  • LOW2.7CVE-2022-2047Jetty invalid URI parsing may produce invalid HttpURI.authority
    from 0, < 9.4.39-3+deb11u1
  • LOW2.7CVE-2022-2047Jetty invalid URI parsing may produce invalid HttpURI.authority
    from 0, < 9.4.39-3+deb11u1
  • LOW2.7CVE-2022-2047Jetty invalid URI parsing may produce invalid HttpURI.authority
    from 0, < 9.4.16-0+deb10u2
  • LOW2.7CVE-2021-28163Directory exposure in jetty
    from 0, < 9.4.39-1
  • LOW2.4CVE-2023-26049Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
    from 0, < 9.4.39-3+deb11u2