maven

org.eclipse.jetty:jetty-server

26 Total advisories
26 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 7.5
Maven

CVE-2018-12545

Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server

HIGH 7.5
Maven

CVE-2021-28165

Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources

HIGH 7.5
Maven

CVE-2022-2191

Jetty SslConnection does not release pooled ByteBuffers in case of errors

MEDIUM 4.8
Maven

CVE-2020-27218

Buffer not correctly recycled in Gzip Request inflation

LOW 3.5
Maven

CVE-2021-34428

SessionListener can prevent a session from being invalidated breaking logout

MEDIUM 5.3
Maven

CVE-2020-27223

DOS vulnerability for Quoted Quality CSV headers

HIGH 7.5
Maven

CVE-2026-1605

The Eclipse Jetty Server Artifact has a Gzip request memory leak

LOW 2.4
Maven

CVE-2023-26049

Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies

MEDIUM 5.3
Maven

CVE-2023-26048

OutOfMemoryError for large multipart without filename in Eclipse Jetty

MEDIUM 5.9
Maven

CVE-2024-8184

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

HIGH 7.2
Maven

CVE-2024-13009

**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request

MEDIUM 5.3
Maven

CVE-2011-4461

Improper Input Validation in Jetty

CRITICAL 9.4
Maven

CVE-2019-17638

Operation on a Resource after Expiration or Release in Jetty Server

MEDIUM 5.3
Maven

CVE-2019-10247

Installation information leak in Eclipse Jetty

HIGH 8.8
Maven

CVE-2018-12538

Access and integrity issue within Eclipse Jetty

CRITICAL 9.8
Maven

CVE-2017-7657

Critical severity vulnerability that affects org.eclipse.jetty:jetty-server

HIGH 7.5
Maven

CVE-2017-9735

Jetty vulnerable to exposure of sensitive information due to observable discrepancy

CRITICAL 9.8
Maven

CVE-2016-4800

Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request

HIGH 7.5
Maven

CVE-2015-2080

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

HIGH 7.5
Maven

CVE-2017-7656

Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)

MEDIUM 6.1
Maven

CVE-2019-10241

Cross-site Scripting in Eclipse Jetty

MEDIUM 5.3
Maven

CVE-2018-12536

Eclipse Jetty Server generates error message containing sensitive information

CRITICAL 9.8
Maven

CVE-2017-7658

Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)

MEDIUM 6.1
Maven

CVE-2019-17632

Unescaped exception messages in error responses in Jetty

MEDIUM 5.3
Maven

CVE-2019-10246

Information Exposure vulnerability in Eclipse Jetty

UNKNOWN
Maven

CVE-2006-6969

Jetty Uses Predictable Session Identifiers
