Описание
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | ignored | |
| esm-infra-legacy/trusty | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 9.2.26-1 |
| devel | not-affected | 9.2.26-1 |
| disco | not-affected | 9.2.26-1 |
| eoan | not-affected | 9.2.26-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 9.2.26-1 |
| esm-apps/jammy | not-affected | 9.2.26-1 |
| esm-apps/noble | not-affected | 9.2.26-1 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Уязвимость реализации протокола Hypertext Transfer Protocol (HTTP/1.1) контейнера сервлетов Eclipse Jetty, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)
7.5 High
CVSS2
9.8 Critical
CVSS3