CVE-2022-2047

Published: 07 Jul 2022
Source: redhat
CVSS3: 2.7
EPSS: Low

Description

In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario.

Report

In Red Hat Satellite, Jetty was used to build index files to search documentation. In Satellite 6.9 and 6.10 the Jetty dependency is no longer in use and there is no access to it, so this vulnerability cannot be exploited. Therefore, supported Satellite versions are not affected.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | jetty-http | Not affected | | |
| OpenShift Developer Tools and Services | jenkins | Affected | | |
| Red Hat build of Debezium 1 | jetty-http | Not affected | | |
| Red Hat build of Quarkus | jetty-http | Not affected | | |
| Red Hat Data Grid 8 | jetty-http | Not affected | | |
| Red Hat Decision Manager 7 | jetty-http | Out of support scope | | |
| Red Hat Fuse 7 | jetty-http | Not affected | | |
| Red Hat Integration Camel K 1 | jetty-http | Not affected | | |
| Red Hat Integration Camel Quarkus 1 | jetty-http | Not affected | | |
| Red Hat Integration Service Registry | jetty-http | Out of support scope | | |

Additional information

Status: Low
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2116949 (jetty-http: improper hostname input handling)

EPSS

Percentile: 78%
0.01185
Low

CVSS3: 2.7 Low

Related vulnerabilities

CVSS3: 2.7
ubuntu
more than 3 years ago

In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVSS3: 2.7
nvd
more than 3 years ago

In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVSS3: 2.7
debian
more than 3 years ago

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...

CVSS3: 2.7
github
more than 3 years ago

Jetty invalid URI parsing may produce invalid HttpURI.authority

CVSS3: 2.7
fstec
more than 3 years ago

A vulnerability in the Eclipse Jetty servlet container, caused by insufficient input validation, that allows an attacker to cause failures in a proxy scenario
