CVE-2023-26048 (GCVE-0-2023-26048)
Vulnerability from cvelistv5 – Published: 2023-04-18 20:30 – Updated: 2025-02-13 16:44
- CWE-400 - Uncontrolled Resource Consumption
| URL | Tags |
|---|---|
| https://github.com/eclipse/jetty.project/security… | x_refsource_CONFIRM |
| https://github.com/eclipse/jetty.project/issues/9076 | x_refsource_MISC |
| https://github.com/eclipse/jetty.project/pull/9344 | x_refsource_MISC |
| https://github.com/eclipse/jetty.project/pull/9345 | x_refsource_MISC |
| https://github.com/jakartaee/servlet/blob/6.0.0/s… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2023052… | |
| https://www.debian.org/security/2023/dsa-5507 | |
| https://lists.debian.org/debian-lts-announce/2023… | |
| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty.project | Affected: < 9.4.51; Affected: >= 10.0.0, < 10.0.14; Affected: >= 11.0.0, < 11.0.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"name": "https://github.com/eclipse/jetty.project/issues/9076",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9344",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9345",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5507"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:43:53.088439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:59:53.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jetty.project",
"vendor": "eclipse",
"versions": [
{
"status": "affected",
"version": "\u003c 9.4.51"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.0.14"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.0.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T14:06:13.823Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"name": "https://github.com/eclipse/jetty.project/issues/9076",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9344",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9345",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5507"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
}
],
"source": {
"advisory": "GHSA-qw69-rqj8-6qw8",
"discovery": "UNKNOWN"
},
"title": "OutOfMemoryError for large multipart without filename in Eclipse Jetty"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26048",
"datePublished": "2023-04-18T20:30:20.420Z",
"dateReserved": "2023-02-17T22:44:03.150Z",
"dateUpdated": "2025-02-13T16:44:44.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-26048",
"date": "2026-06-06",
"epss": "0.43407",
"percentile": "0.97583"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.51\", \"matchCriteriaId\": \"5F910B13-4631-4220-A6B5-F677C5DBE1BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.14\", \"matchCriteriaId\": \"013DE7B6-8442-4606-955A-E4BA7B670251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndExcluding\": \"11.0.14\", \"matchCriteriaId\": \"7E8C62A3-4CA2-4DC8-B847-14EEDF689E77\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\"}]",
"id": "CVE-2023-26048",
"lastModified": "2024-11-21T07:50:39.493",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2023-04-18T21:15:08.977",
"references": "[{\"url\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Technical Description\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": 
[\"Technical Description\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-26048\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-04-18T21:15:08.977\",\"lastModified\":\"2024-11-21T07:50:39.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. 
Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.51\",\"matchCriteriaId\":\"5F910B13-4631-4220-A6B5-F677C5DBE1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.14\",\"matchCriteriaId\":\"013DE7B6-8442-4606-955A-E4BA7B670251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:
jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.14\",\"matchCriteriaId\":\"7E8C62A3-4CA2-4DC8-B847-14EEDF689E77\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse/jetty.project/issues/9076\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9344\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9345\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230526-0001/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5507\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/eclipse/jetty.project/issues/9076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/pull/9345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230526-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"OutOfMemoryError for large multipart without filename in Eclipse Jetty\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-400\", \"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\"}, {\"name\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/eclipse/jetty.project/issues/9076\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9344\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9345\"}, {\"name\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\"}], \"affected\": [{\"vendor\": 
\"eclipse\", \"product\": \"jetty.project\", \"versions\": [{\"version\": \"\u003c 9.4.51\", \"status\": \"affected\"}, {\"version\": \"\u003e= 10.0.0, \u003c 10.0.14\", \"status\": \"affected\"}, {\"version\": \"\u003e= 11.0.0, \u003c 11.0.14\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-04-18T20:30:20.420Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. 
Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\"}], \"source\": {\"advisory\": \"GHSA-qw69-rqj8-6qw8\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:39:06.487Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8\"}, {\"name\": \"https://github.com/eclipse/jetty.project/issues/9076\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/issues/9076\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9344\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9344\"}, {\"name\": \"https://github.com/eclipse/jetty.project/pull/9345\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/eclipse/jetty.project/pull/9345\"}, {\"name\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230526-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5507\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": 
\"ssvc\", \"content\": {\"id\": \"CVE-2023-26048\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-05T19:43:53.088439Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T15:59:49.137Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2023-26048\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2023-02-17T22:44:03.150Z\", \"datePublished\": \"2023-04-18T20:30:20.420Z\", \"dateUpdated\": \"2025-02-12T15:59:53.627Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
| IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
| IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
| IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
| IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9",
"product": {
"name": "QRadar WinCollect Agent",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2023-34053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34053"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2023-46308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46308"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47747"
},
{
"name": "CVE-2023-47158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47158"
},
{
"name": "CVE-2022-23529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23529"
},
{
"name": "CVE-2023-34054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34054"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50308"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2020-28367",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4586"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47746"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38552"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-37276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2023-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47141"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2023-45193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45193"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2023-47145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47145"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22190"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2022-48337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48337"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2020-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29510"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-48339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34062"
},
{
"name": "CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-27859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27859"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-36665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36665"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2023-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39331"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2020-14039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-47152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47152"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2020-28366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117872"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117873"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118289"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7118351"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117821"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117883"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024",
"url": "https://www.ibm.com/support/pages/node/7117884"
}
]
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 |
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 |
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 |
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA |
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 |
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 |
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA |
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 |
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA |
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 |
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
CERTFR-2025-AVI-0255
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF02 |
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.x antérieures à 25.0.0.3 sans le correctif PH65394 ou antérieures à 25.0.0.4 (disponible au deuxième trimestre 2025) |
| IBM | Sterling | Sterling Connect:Direct pour HP NonStop versions 3.6.x antérieures à 3.6.0.6 iFix000 |
| IBM | Sterling Control Center | Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix15 |
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix04 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.x ant\u00e9rieures \u00e0 25.0.0.3 sans le correctif PH65394 ou ant\u00e9rieures \u00e0 25.0.0.4 (disponible au deuxi\u00e8me trimestre 2025)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour HP NonStop versions 3.6.x ant\u00e9rieures \u00e0 3.6.0.6 iFix000",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix15",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix04",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26935"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2023-28439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28439"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-3661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0255",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7228857",
"url": "https://www.ibm.com/support/pages/node/7228857"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184085",
"url": "https://www.ibm.com/support/pages/node/7184085"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229079",
"url": "https://www.ibm.com/support/pages/node/7229079"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229377",
"url": "https://www.ibm.com/support/pages/node/7229377"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7228856",
"url": "https://www.ibm.com/support/pages/node/7228856"
}
]
}
cleanstart-2026-sq91016
Vulnerability from cleanstart
Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-hive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SQ91016",
"modified": "2026-05-14T06:09:00Z",
"published": "2026-05-18T13:11:46.835215Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SQ91016.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-58qw-p7qm-5rvh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq applied in versions: 4.0.0-r0, 4.0.0-r1",
"upstream": [
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2021-22569",
"CVE-2021-22570",
"CVE-2022-2047",
"CVE-2022-3171",
"CVE-2022-3509",
"CVE-2022-3510",
"CVE-2022-36364",
"CVE-2022-41881",
"CVE-2023-20861",
"CVE-2023-20863",
"CVE-2023-26048",
"CVE-2023-26049",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2023-36479",
"CVE-2023-40167",
"CVE-2023-41900",
"CVE-2023-42503",
"CVE-2023-44981",
"CVE-2024-13009",
"CVE-2024-23454",
"CVE-2024-23944",
"CVE-2024-25710",
"CVE-2024-26308",
"CVE-2024-29131",
"CVE-2024-29133",
"CVE-2024-38808",
"CVE-2024-38820",
"CVE-2024-38827",
"CVE-2024-47554",
"CVE-2024-47561",
"CVE-2024-52046",
"CVE-2024-6763",
"CVE-2024-7254",
"CVE-2024-8184",
"CVE-2025-11143",
"CVE-2025-22233",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-27821",
"CVE-2025-41249",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-49128",
"CVE-2025-52999",
"CVE-2025-53864",
"CVE-2025-55163",
"CVE-2025-58056",
"CVE-2025-58057",
"CVE-2025-59419",
"CVE-2025-67735",
"CVE-2025-68161",
"CVE-2025-8916",
"CVE-2026-24281",
"CVE-2026-24308",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-5588",
"ghsa-58qw-p7qm-5rvh",
"ghsa-72hv-8253-57qq"
]
}
cleanstart-2026-wk99982
Vulnerability from cleanstart
Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-hive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.1-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WK99982",
"modified": "2026-05-14T06:06:15Z",
"published": "2026-05-18T13:11:47.355078Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WK99982.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40490"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42586"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44248"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-58qw-p7qm-5rvh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40490"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42586"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44248"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-40490, CVE-2026-41417, CVE-2026-42578, CVE-2026-42579, CVE-2026-42583, CVE-2026-42586, CVE-2026-44248, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq, ghsa-mj4r-2hfc-f8p6 applied in versions: 4.0.1-r0, 4.0.1-r1, 4.0.1-r2",
"upstream": [
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2021-22569",
"CVE-2021-22570",
"CVE-2022-2047",
"CVE-2022-3171",
"CVE-2022-3509",
"CVE-2022-3510",
"CVE-2022-36364",
"CVE-2022-41881",
"CVE-2023-20861",
"CVE-2023-20863",
"CVE-2023-26048",
"CVE-2023-26049",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2023-36479",
"CVE-2023-40167",
"CVE-2023-41900",
"CVE-2023-42503",
"CVE-2023-44981",
"CVE-2024-13009",
"CVE-2024-23454",
"CVE-2024-23944",
"CVE-2024-25710",
"CVE-2024-26308",
"CVE-2024-29131",
"CVE-2024-29133",
"CVE-2024-38808",
"CVE-2024-38820",
"CVE-2024-38827",
"CVE-2024-47554",
"CVE-2024-47561",
"CVE-2024-52046",
"CVE-2024-6763",
"CVE-2024-7254",
"CVE-2024-8184",
"CVE-2025-11143",
"CVE-2025-22233",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-27821",
"CVE-2025-41249",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-49128",
"CVE-2025-52999",
"CVE-2025-53864",
"CVE-2025-55163",
"CVE-2025-58056",
"CVE-2025-58057",
"CVE-2025-59419",
"CVE-2025-67735",
"CVE-2025-68161",
"CVE-2025-8916",
"CVE-2026-24281",
"CVE-2026-24308",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-40490",
"CVE-2026-41417",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42583",
"CVE-2026-42586",
"CVE-2026-44248",
"CVE-2026-5588",
"ghsa-58qw-p7qm-5rvh",
"ghsa-72hv-8253-57qq",
"ghsa-mj4r-2hfc-f8p6"
]
}
FKIE_CVE-2023-26048
Vulnerability from fkie_nvd - Published: 2023-04-18 21:15 - Updated: 2024-11-21 07:50
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
| Source | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/eclipse/jetty.project/issues/9076 | Patch | |
| security-advisories@github.com | https://github.com/eclipse/jetty.project/pull/9344 | Patch | |
| security-advisories@github.com | https://github.com/eclipse/jetty.project/pull/9345 | Patch | |
| security-advisories@github.com | https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 | Vendor Advisory | |
| security-advisories@github.com | https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload | Technical Description | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html | ||
| security-advisories@github.com | https://security.netapp.com/advisory/ntap-20230526-0001/ | ||
| security-advisories@github.com | https://www.debian.org/security/2023/dsa-5507 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/jetty.project/issues/9076 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/jetty.project/pull/9344 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/jetty.project/pull/9345 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230526-0001/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5507 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F910B13-4631-4220-A6B5-F677C5DBE1BC",
"versionEndExcluding": "9.4.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "013DE7B6-8442-4606-955A-E4BA7B670251",
"versionEndExcluding": "10.0.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8C62A3-4CA2-4DC8-B847-14EEDF689E77",
"versionEndExcluding": "11.0.14",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory)."
}
],
"id": "CVE-2023-26048",
"lastModified": "2024-11-21T07:50:39.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-18T21:15:08.977",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
],
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"source": "security-advisories@github.com",
"url": "https://www.debian.org/security/2023/dsa-5507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5507"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-QW69-RQJ8-6QW8
Vulnerability from github – Published: 2023-04-19 18:15 – Updated: 2023-04-19 18:15
Impact
Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content.
This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk.
An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`.
However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time.
A very large number of parts may cause the same problem.
Patches
Patched in Jetty versions
- 9.4.51.v20230217 - via PR #9345
- 10.0.14 - via PR #9344
- 11.0.14 - via PR #9344
Workarounds
Multipart parameter `maxRequestSize` must be set to a non-negative value (the `@MultipartConfig` default of -1 means unlimited), so the whole multipart content is limited (although still read into memory).
Limiting multipart parameter `maxFileSize` alone won't be enough, because that limit applies to each part separately: an attacker can send a large number of parts that, summed up, will cause memory issues.
References
- https://github.com/eclipse/jetty.project/issues/9076
- https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.4.51.v20230217"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26048"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-19T18:15:45Z",
"nvd_published_at": "2023-04-18T21:15:08Z",
"severity": "MODERATE"
},
"details": "### Impact\nServlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content.\n\nThis happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk.\n\nAn attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`.\nHowever, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time.\n\nA very large number of parts may cause the same problem.\n\n### Patches\nPatched in Jetty versions\n\n* 9.4.51.v20230217 - via PR #9345\n* 10.0.14 - via PR #9344\n* 11.0.14 - via PR #9344\n\n### Workarounds\nMultipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\nLimiting multipart parameter `maxFileSize` won\u0027t be enough because an attacker can send a large number of parts that summed up will cause memory issues.\n\n### References\n* https://github.com/eclipse/jetty.project/issues/9076\n* https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\n",
"id": "GHSA-qw69-rqj8-6qw8",
"modified": "2023-04-19T18:15:45Z",
"published": "2023-04-19T18:15:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse/jetty.project"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217"
},
{
"type": "WEB",
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230526-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "OutOfMemoryError for large multipart without filename in Eclipse Jetty"
}
GSD-2023-26048
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2023-26048",
"id": "GSD-2023-26048"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-26048"
],
"details": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).",
"id": "GSD-2023-26048",
"modified": "2023-12-13T01:20:54.113003Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-26048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jetty.project",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 9.4.51"
},
{
"version_affected": "=",
"version_value": "\u003e= 10.0.0, \u003c 10.0.14"
},
{
"version_affected": "=",
"version_value": "\u003e= 11.0.0, \u003c 11.0.14"
}
]
}
}
]
},
"vendor_name": "eclipse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory)."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-400",
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"refsource": "MISC",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"name": "https://github.com/eclipse/jetty.project/issues/9076",
"refsource": "MISC",
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9344",
"refsource": "MISC",
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9345",
"refsource": "MISC",
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"refsource": "MISC",
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230526-0001/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"name": "https://www.debian.org/security/2023/dsa-5507",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5507"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
}
]
},
"source": {
"advisory": "GHSA-qw69-rqj8-6qw8",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-client",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "aeea7dc0-a413-4327-803c-f44c851c6a2b"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-deploy",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "ace90f07-8b9f-47ad-8c64-ba21150977a5"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-http",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "f28247aa-0f94-4e57-8596-637d83b6f08c"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` to a non-negative value so that the size of the whole multipart content is limited; the content is still read into memory, so the limit should be small enough to fit in the available heap.",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-io",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "8b44d1f1-fadb-423d-ab05-ddbb88612d49"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` to a non-negative value so that the size of the whole multipart content is limited; the content is still read into memory, so the limit should be small enough to fit in the available heap.",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-server",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/eclipse/jetty.project/issues/9076",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/advisories/GHSA-qw69-rqj8-6qw8"
],
"uuid": "9b33f001-f6d2-4a33-8224-3d349a1fca7b"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` to a non-negative value so that the size of the whole multipart content is limited; the content is still read into memory, so the limit should be small enough to fit in the available heap.",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-servlets",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "3a6dd95d-ede9-4734-9ce0-7f67443277aa"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` to a non-negative value so that the size of the whole multipart content is limited; the content is still read into memory, so the limit should be small enough to fit in the available heap.",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-util",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "3d81d28b-858f-46c7-9d77-fcf0e38dffb2"
},
{
"affected_range": "(,9.4.51),[10.0.0,10.0.14),[11.0.0,11.0.14)",
"affected_versions": "All versions before 9.4.51, all versions starting from 10.0.0 before 10.0.14, all versions starting from 11.0.0 before 11.0.14",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-770",
"CWE-937"
],
"date": "2023-05-26",
"description": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` to a non-negative value so that the size of the whole multipart content is limited; the content is still read into memory, so the limit should be small enough to fit in the available heap.",
"fixed_versions": [
"9.4.51.v20230217",
"10.0.14",
"11.0.14"
],
"identifier": "CVE-2023-26048",
"identifiers": [
"CVE-2023-26048",
"GHSA-qw69-rqj8-6qw8"
],
"not_impacted": "All versions starting from 9.4.51 before 10.0.0, all versions starting from 10.0.14 before 11.0.0, all versions starting from 11.0.14",
"package_slug": "maven/org.eclipse.jetty/jetty-webapp",
"pubdate": "2023-04-18",
"solution": "Upgrade to versions 9.4.51.v20230217, 10.0.14, 11.0.14 or above.",
"title": "Allocation of Resources Without Limits or Throttling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"https://github.com/eclipse/jetty.project/pull/9345",
"https://github.com/eclipse/jetty.project/pull/9344",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"https://github.com/eclipse/jetty.project/issues/9076"
],
"uuid": "644a7041-df60-4320-a8c7-218532a6864f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.14",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.51",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-26048"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` to a non-negative value so that the size of the whole multipart content is limited; the content is still read into memory, so the limit should be small enough to fit in the available heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"refsource": "MISC",
"tags": [
"Technical Description"
],
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9345",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/pull/9345"
},
{
"name": "https://github.com/eclipse/jetty.project/pull/9344",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/pull/9344"
},
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
},
{
"name": "https://github.com/eclipse/jetty.project/issues/9076",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse/jetty.project/issues/9076"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230526-0001/",
"refsource": "MISC",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"name": "https://www.debian.org/security/2023/dsa-5507",
"refsource": "MISC",
"tags": [],
"url": "https://www.debian.org/security/2023/dsa-5507"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html",
"refsource": "MISC",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-09-30T15:15Z",
"publishedDate": "2023-04-18T21:15Z"
}
}
}
OPENSUSE-SU-2024:12949-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12949-1.json | self |
| https://www.suse.com/security/cve/CVE-2023-26048/ | self |
| https://www.suse.com/security/cve/CVE-2023-26049/ | self |
| https://www.suse.com/security/cve/CVE-2023-26048 | external |
| https://bugzilla.suse.com/1210620 | external |
| https://www.suse.com/security/cve/CVE-2023-26049 | external |
| https://bugzilla.suse.com/1210621 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.51-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.51-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12949",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12949-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26048 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26049/"
}
],
"title": "jetty-annotations-9.4.51-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12949-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-annotations-9.4.51-1.1.aarch64",
"product_id": "jetty-annotations-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-ant-9.4.51-1.1.aarch64",
"product_id": "jetty-ant-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-cdi-9.4.51-1.1.aarch64",
"product_id": "jetty-cdi-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-client-9.4.51-1.1.aarch64",
"product_id": "jetty-client-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-continuation-9.4.51-1.1.aarch64",
"product_id": "jetty-continuation-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-deploy-9.4.51-1.1.aarch64",
"product_id": "jetty-deploy-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-fcgi-9.4.51-1.1.aarch64",
"product_id": "jetty-fcgi-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-http-9.4.51-1.1.aarch64",
"product_id": "jetty-http-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-http-spi-9.4.51-1.1.aarch64",
"product_id": "jetty-http-spi-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-io-9.4.51-1.1.aarch64",
"product_id": "jetty-io-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-jaas-9.4.51-1.1.aarch64",
"product_id": "jetty-jaas-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-jmx-9.4.51-1.1.aarch64",
"product_id": "jetty-jmx-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-jndi-9.4.51-1.1.aarch64",
"product_id": "jetty-jndi-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-jsp-9.4.51-1.1.aarch64",
"product_id": "jetty-jsp-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-openid-9.4.51-1.1.aarch64",
"product_id": "jetty-openid-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-plus-9.4.51-1.1.aarch64",
"product_id": "jetty-plus-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-proxy-9.4.51-1.1.aarch64",
"product_id": "jetty-proxy-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-quickstart-9.4.51-1.1.aarch64",
"product_id": "jetty-quickstart-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-rewrite-9.4.51-1.1.aarch64",
"product_id": "jetty-rewrite-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-security-9.4.51-1.1.aarch64",
"product_id": "jetty-security-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-server-9.4.51-1.1.aarch64",
"product_id": "jetty-server-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-servlet-9.4.51-1.1.aarch64",
"product_id": "jetty-servlet-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-servlets-9.4.51-1.1.aarch64",
"product_id": "jetty-servlets-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-start-9.4.51-1.1.aarch64",
"product_id": "jetty-start-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-util-9.4.51-1.1.aarch64",
"product_id": "jetty-util-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.51-1.1.aarch64",
"product_id": "jetty-util-ajax-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-webapp-9.4.51-1.1.aarch64",
"product_id": "jetty-webapp-9.4.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.51-1.1.aarch64",
"product": {
"name": "jetty-xml-9.4.51-1.1.aarch64",
"product_id": "jetty-xml-9.4.51-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-annotations-9.4.51-1.1.ppc64le",
"product_id": "jetty-annotations-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-ant-9.4.51-1.1.ppc64le",
"product_id": "jetty-ant-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-cdi-9.4.51-1.1.ppc64le",
"product_id": "jetty-cdi-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-client-9.4.51-1.1.ppc64le",
"product_id": "jetty-client-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-continuation-9.4.51-1.1.ppc64le",
"product_id": "jetty-continuation-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-deploy-9.4.51-1.1.ppc64le",
"product_id": "jetty-deploy-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.51-1.1.ppc64le",
"product_id": "jetty-fcgi-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-http-9.4.51-1.1.ppc64le",
"product_id": "jetty-http-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.51-1.1.ppc64le",
"product_id": "jetty-http-spi-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-io-9.4.51-1.1.ppc64le",
"product_id": "jetty-io-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-jaas-9.4.51-1.1.ppc64le",
"product_id": "jetty-jaas-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-jmx-9.4.51-1.1.ppc64le",
"product_id": "jetty-jmx-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-jndi-9.4.51-1.1.ppc64le",
"product_id": "jetty-jndi-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-jsp-9.4.51-1.1.ppc64le",
"product_id": "jetty-jsp-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-openid-9.4.51-1.1.ppc64le",
"product_id": "jetty-openid-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-plus-9.4.51-1.1.ppc64le",
"product_id": "jetty-plus-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-proxy-9.4.51-1.1.ppc64le",
"product_id": "jetty-proxy-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.51-1.1.ppc64le",
"product_id": "jetty-quickstart-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.51-1.1.ppc64le",
"product_id": "jetty-rewrite-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-security-9.4.51-1.1.ppc64le",
"product_id": "jetty-security-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-server-9.4.51-1.1.ppc64le",
"product_id": "jetty-server-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-servlet-9.4.51-1.1.ppc64le",
"product_id": "jetty-servlet-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-servlets-9.4.51-1.1.ppc64le",
"product_id": "jetty-servlets-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-start-9.4.51-1.1.ppc64le",
"product_id": "jetty-start-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-util-9.4.51-1.1.ppc64le",
"product_id": "jetty-util-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.51-1.1.ppc64le",
"product_id": "jetty-util-ajax-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-webapp-9.4.51-1.1.ppc64le",
"product_id": "jetty-webapp-9.4.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.51-1.1.ppc64le",
"product": {
"name": "jetty-xml-9.4.51-1.1.ppc64le",
"product_id": "jetty-xml-9.4.51-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.51-1.1.s390x",
"product": {
"name": "jetty-annotations-9.4.51-1.1.s390x",
"product_id": "jetty-annotations-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.51-1.1.s390x",
"product": {
"name": "jetty-ant-9.4.51-1.1.s390x",
"product_id": "jetty-ant-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.51-1.1.s390x",
"product": {
"name": "jetty-cdi-9.4.51-1.1.s390x",
"product_id": "jetty-cdi-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.51-1.1.s390x",
"product": {
"name": "jetty-client-9.4.51-1.1.s390x",
"product_id": "jetty-client-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.51-1.1.s390x",
"product": {
"name": "jetty-continuation-9.4.51-1.1.s390x",
"product_id": "jetty-continuation-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.51-1.1.s390x",
"product": {
"name": "jetty-deploy-9.4.51-1.1.s390x",
"product_id": "jetty-deploy-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.51-1.1.s390x",
"product": {
"name": "jetty-fcgi-9.4.51-1.1.s390x",
"product_id": "jetty-fcgi-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.51-1.1.s390x",
"product": {
"name": "jetty-http-9.4.51-1.1.s390x",
"product_id": "jetty-http-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.51-1.1.s390x",
"product": {
"name": "jetty-http-spi-9.4.51-1.1.s390x",
"product_id": "jetty-http-spi-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.51-1.1.s390x",
"product": {
"name": "jetty-io-9.4.51-1.1.s390x",
"product_id": "jetty-io-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.51-1.1.s390x",
"product": {
"name": "jetty-jaas-9.4.51-1.1.s390x",
"product_id": "jetty-jaas-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.51-1.1.s390x",
"product": {
"name": "jetty-jmx-9.4.51-1.1.s390x",
"product_id": "jetty-jmx-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.51-1.1.s390x",
"product": {
"name": "jetty-jndi-9.4.51-1.1.s390x",
"product_id": "jetty-jndi-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.51-1.1.s390x",
"product": {
"name": "jetty-jsp-9.4.51-1.1.s390x",
"product_id": "jetty-jsp-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.51-1.1.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.s390x",
"product_id": "jetty-minimal-javadoc-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.51-1.1.s390x",
"product": {
"name": "jetty-openid-9.4.51-1.1.s390x",
"product_id": "jetty-openid-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.51-1.1.s390x",
"product": {
"name": "jetty-plus-9.4.51-1.1.s390x",
"product_id": "jetty-plus-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.51-1.1.s390x",
"product": {
"name": "jetty-proxy-9.4.51-1.1.s390x",
"product_id": "jetty-proxy-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.51-1.1.s390x",
"product": {
"name": "jetty-quickstart-9.4.51-1.1.s390x",
"product_id": "jetty-quickstart-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.51-1.1.s390x",
"product": {
"name": "jetty-rewrite-9.4.51-1.1.s390x",
"product_id": "jetty-rewrite-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.51-1.1.s390x",
"product": {
"name": "jetty-security-9.4.51-1.1.s390x",
"product_id": "jetty-security-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.51-1.1.s390x",
"product": {
"name": "jetty-server-9.4.51-1.1.s390x",
"product_id": "jetty-server-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.51-1.1.s390x",
"product": {
"name": "jetty-servlet-9.4.51-1.1.s390x",
"product_id": "jetty-servlet-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.51-1.1.s390x",
"product": {
"name": "jetty-servlets-9.4.51-1.1.s390x",
"product_id": "jetty-servlets-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.51-1.1.s390x",
"product": {
"name": "jetty-start-9.4.51-1.1.s390x",
"product_id": "jetty-start-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.51-1.1.s390x",
"product": {
"name": "jetty-util-9.4.51-1.1.s390x",
"product_id": "jetty-util-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.51-1.1.s390x",
"product": {
"name": "jetty-util-ajax-9.4.51-1.1.s390x",
"product_id": "jetty-util-ajax-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.51-1.1.s390x",
"product": {
"name": "jetty-webapp-9.4.51-1.1.s390x",
"product_id": "jetty-webapp-9.4.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.51-1.1.s390x",
"product": {
"name": "jetty-xml-9.4.51-1.1.s390x",
"product_id": "jetty-xml-9.4.51-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-annotations-9.4.51-1.1.x86_64",
"product_id": "jetty-annotations-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-ant-9.4.51-1.1.x86_64",
"product_id": "jetty-ant-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-cdi-9.4.51-1.1.x86_64",
"product_id": "jetty-cdi-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-client-9.4.51-1.1.x86_64",
"product_id": "jetty-client-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-continuation-9.4.51-1.1.x86_64",
"product_id": "jetty-continuation-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-deploy-9.4.51-1.1.x86_64",
"product_id": "jetty-deploy-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-fcgi-9.4.51-1.1.x86_64",
"product_id": "jetty-fcgi-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-http-9.4.51-1.1.x86_64",
"product_id": "jetty-http-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-http-spi-9.4.51-1.1.x86_64",
"product_id": "jetty-http-spi-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-io-9.4.51-1.1.x86_64",
"product_id": "jetty-io-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-jaas-9.4.51-1.1.x86_64",
"product_id": "jetty-jaas-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-jmx-9.4.51-1.1.x86_64",
"product_id": "jetty-jmx-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-jndi-9.4.51-1.1.x86_64",
"product_id": "jetty-jndi-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-jsp-9.4.51-1.1.x86_64",
"product_id": "jetty-jsp-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-openid-9.4.51-1.1.x86_64",
"product_id": "jetty-openid-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-plus-9.4.51-1.1.x86_64",
"product_id": "jetty-plus-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-proxy-9.4.51-1.1.x86_64",
"product_id": "jetty-proxy-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-quickstart-9.4.51-1.1.x86_64",
"product_id": "jetty-quickstart-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-rewrite-9.4.51-1.1.x86_64",
"product_id": "jetty-rewrite-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-security-9.4.51-1.1.x86_64",
"product_id": "jetty-security-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-server-9.4.51-1.1.x86_64",
"product_id": "jetty-server-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-servlet-9.4.51-1.1.x86_64",
"product_id": "jetty-servlet-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-servlets-9.4.51-1.1.x86_64",
"product_id": "jetty-servlets-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-start-9.4.51-1.1.x86_64",
"product_id": "jetty-start-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-util-9.4.51-1.1.x86_64",
"product_id": "jetty-util-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.51-1.1.x86_64",
"product_id": "jetty-util-ajax-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-webapp-9.4.51-1.1.x86_64",
"product_id": "jetty-webapp-9.4.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.51-1.1.x86_64",
"product": {
"name": "jetty-xml-9.4.51-1.1.x86_64",
"product_id": "jetty-xml-9.4.51-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-annotations-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-annotations-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x"
},
"product_reference": "jetty-annotations-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-annotations-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-ant-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-ant-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x"
},
"product_reference": "jetty-ant-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-ant-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-cdi-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-cdi-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x"
},
"product_reference": "jetty-cdi-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-cdi-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-client-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-client-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x"
},
"product_reference": "jetty-client-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-client-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-continuation-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-continuation-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x"
},
"product_reference": "jetty-continuation-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-continuation-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-deploy-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-deploy-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x"
},
"product_reference": "jetty-deploy-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-deploy-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-fcgi-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x"
},
"product_reference": "jetty-fcgi-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-fcgi-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-http-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-http-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x"
},
"product_reference": "jetty-http-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-http-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-http-spi-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x"
},
"product_reference": "jetty-http-spi-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-http-spi-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-io-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-io-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x"
},
"product_reference": "jetty-io-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-io-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-jaas-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-jaas-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x"
},
"product_reference": "jetty-jaas-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-jaas-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-jmx-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-jmx-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x"
},
"product_reference": "jetty-jmx-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-jmx-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-jndi-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-jndi-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x"
},
"product_reference": "jetty-jndi-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-jndi-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-jsp-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-jsp-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x"
},
"product_reference": "jetty-jsp-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-jsp-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-openid-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-openid-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x"
},
"product_reference": "jetty-openid-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-openid-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-plus-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-plus-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x"
},
"product_reference": "jetty-plus-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-plus-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-proxy-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-proxy-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x"
},
"product_reference": "jetty-proxy-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-proxy-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-quickstart-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x"
},
"product_reference": "jetty-quickstart-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-quickstart-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-rewrite-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x"
},
"product_reference": "jetty-rewrite-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-rewrite-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-security-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-security-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x"
},
"product_reference": "jetty-security-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-security-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-server-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-server-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x"
},
"product_reference": "jetty-server-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-server-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-servlet-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-servlet-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x"
},
"product_reference": "jetty-servlet-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-servlet-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-servlets-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-servlets-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x"
},
"product_reference": "jetty-servlets-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-servlets-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-start-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-start-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x"
},
"product_reference": "jetty-start-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-start-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-util-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-util-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x"
},
"product_reference": "jetty-util-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-util-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x"
},
"product_reference": "jetty-util-ajax-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-webapp-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-webapp-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x"
},
"product_reference": "jetty-webapp-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-webapp-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64"
},
"product_reference": "jetty-xml-9.4.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le"
},
"product_reference": "jetty-xml-9.4.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x"
},
"product_reference": "jetty-xml-9.4.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
},
"product_reference": "jetty-xml-9.4.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26048"
}
],
"notes": [
{
"category": "general",
"text": "Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize`, which must be set to a non-negative value, so that the whole multipart content is limited (although it is still read into memory).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26048",
"url": "https://www.suse.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "SUSE Bug 1210620 for CVE-2023-26048",
"url": "https://bugzilla.suse.com/1210620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-26048"
},
{
"cve": "CVE-2023-26049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26049"
}
],
"notes": [
{
"category": "general",
"text": "Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise cause unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d`, instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26049",
"url": "https://www.suse.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "SUSE Bug 1210621 for CVE-2023-26049",
"url": "https://bugzilla.suse.com/1210621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.51-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.51-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2023-26049"
}
]
}
RHSA-2023:5165
Vulnerability from csaf_redhat - Published: 2023-09-14 09:51 - Updated: 2026-06-06 13:03
A flaw was found in Netty's netty-codec: the Bzip2Decoder does not allow size restrictions to be set for decompressed data. By sending a specially-crafted input, a remote attacker could cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in the SnakeYaml package. Malicious YAML content that is deserialized by the Constructor can lead to remote code execution (RCE), so deserializing untrusted YAML this way is unsafe.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in SquareUp Okio. The GzipSource class does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemoryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 2.5.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:5165 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2004133 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2004135 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087186 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129809 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150009 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2166004 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215229 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215393 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215394 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215445 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215465 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2216888 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229295 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2236340 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2236341 | external |
| https://issues.redhat.com/browse/ENTMQST-5081 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2021-37136 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2004133 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-37136 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-37136 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2021-37137 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2004135 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-37137 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-37137 | external |
| https://access.redhat.com/security/cve/CVE-2022-1471 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150009 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-1471 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-1471 | external |
| https://github.com/google/security-research/secur… | external |
| https://access.redhat.com/security/cve/CVE-2022-24823 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087186 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-24823 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-24823 | external |
| https://access.redhat.com/security/cve/CVE-2022-36944 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2129809 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-36944 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-36944 | external |
| https://github.com/scala/scala/pull/10118 | external |
| https://access.redhat.com/security/cve/CVE-2023-0482 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2166004 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-0482 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-0482 | external |
| https://access.redhat.com/security/cve/CVE-2023-2976 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215229 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-2976 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-2976 | external |
| https://access.redhat.com/security/cve/CVE-2023-3635 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229295 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-3635 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | external |
| https://access.redhat.com/security/cve/CVE-2023-26048 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2236340 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-26048 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-26048 | external |
| https://github.com/eclipse/jetty.project/security… | external |
| https://access.redhat.com/security/cve/CVE-2023-26049 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2236341 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-26049 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-26049 | external |
| https://github.com/eclipse/jetty.project/security… | external |
| https://access.redhat.com/security/cve/CVE-2023-33201 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215465 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-33201 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-33201 | external |
| https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 | external |
| https://access.redhat.com/security/cve/CVE-2023-34453 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215393 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-34453 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-34453 | external |
| https://access.redhat.com/security/cve/CVE-2023-34454 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215394 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-34454 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-34454 | external |
| https://access.redhat.com/security/cve/CVE-2023-34455 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215445 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-34455 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-34455 | external |
| https://access.redhat.com/security/cve/CVE-2023-34462 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2216888 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-34462 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-34462 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.\n\nSecurity Fix(es):\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n \n* scala: deserialization gadget chain (CVE-2022-36944)\n\n* DoS of the Okio client when handling a crafted GZIP archive (CVE-2023-3635)\n \n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* Jetty servlets with multipart support may cause OOM error with client requests (CVE-2023-26048)\n\n* Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies (CVE-2023-26049)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* snappy-java: Integer overflow in shuffle leads to DoS (CVE-2023-34453)\n\n* snappy-java: Integer overflow in compress leads to DoS (CVE-2023-34454)\n\n* snappy-java: Unchecked chunk length leads to DoS (CVE-2023-34455)\n\n* Flaw in Netty\u0027s SniHandler while navigating TLS handshake; DoS (CVE-2023-34462)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5165",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.5.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.5.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "2129809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129809"
},
{
"category": "external",
"summary": "2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "2215393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215393"
},
{
"category": "external",
"summary": "2215394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215394"
},
{
"category": "external",
"summary": "2215445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215445"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "ENTMQST-5081",
"url": "https://issues.redhat.com/browse/ENTMQST-5081"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5165.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update",
"tracking": {
"current_release_date": "2026-06-06T13:03:28+00:00",
"generator": {
"date": "2026-06-06T13:03:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:5165",
"initial_release_date": "2023-09-14T09:51:43+00:00",
"revision_history": [
{
"date": "2023-09-14T09:51:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-14T09:51:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T13:03:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 2.5.0",
"product": {
"name": "Red Hat AMQ Streams 2.5.0",
"product_id": "Red Hat AMQ Streams 2.5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to missing size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150009"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to achieve remote code execution by sending malicious YAML content that is then deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1471"
},
{
"category": "external",
"summary": "RHBZ#2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
},
{
"cve": "CVE-2022-24823",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087186"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: world readable temporary file containing sensitive data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as it is using netty version 3.6.7, which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24823"
},
{
"category": "external",
"summary": "RHBZ#2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
}
],
"release_date": "2022-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "workaround",
"details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: world readable temporary file containing sensitive data"
},
{
"cve": "CVE-2022-36944",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Scala\u0027s LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "scala: deserialization gadget chain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36944"
},
{
"category": "external",
"summary": "RHBZ#2129809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36944",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36944"
},
{
"category": "external",
"summary": "https://github.com/scala/scala/pull/10118",
"url": "https://github.com/scala/scala/pull/10118"
}
],
"release_date": "2022-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "workaround",
"details": "Users of Scala\u0027s LazyList should never permit deserialization of untrusted data.",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "scala: deserialization gadget chain"
},
{
"cve": "CVE-2023-0482",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166004"
}
],
"notes": [
{
"category": "description",
"text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: creation of insecure temp files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0482"
},
{
"category": "external",
"summary": "RHBZ#2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "RESTEasy: creation of insecure temp files"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215229"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "guava: insecure temporary directory creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2976"
},
{
"category": "external",
"summary": "RHBZ#2215229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
}
],
"release_date": "2023-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "workaround",
"details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "guava: insecure temporary directory creation"
},
{
"cve": "CVE-2023-3635",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2229295"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okio: GzipSource class improper exception handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss Enterprise Application Platform XP does contain the Okio package but does not use GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during the compilation process and not included in the resulting Jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3635"
},
{
"category": "external",
"summary": "RHBZ#2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "okio: GzipSource class improper exception handling"
},
{
"cve": "CVE-2023-26048",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemoryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26048"
},
{
"category": "external",
"summary": "RHBZ#2236340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
},
{
"cve": "CVE-2023-26049",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2023-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26049"
},
{
"category": "external",
"summary": "RHBZ#2236341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
}
],
"release_date": "2023-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
},
{
"cve": "CVE-2023-34453",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215393"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Snappy-java\u0027s shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snappy-java: Integer overflow in shuffle leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34453"
},
{
"category": "external",
"summary": "RHBZ#2215393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34453",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34453"
}
],
"release_date": "2023-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snappy-java: Integer overflow in shuffle leads to DoS"
},
{
"cve": "CVE-2023-34454",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215394"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Snappy-java\u0027s shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snappy-java: Integer overflow in compress leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34454"
},
{
"category": "external",
"summary": "RHBZ#2215394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34454",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34454"
}
],
"release_date": "2023-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snappy-java: Integer overflow in compress leads to DoS"
},
{
"cve": "CVE-2023-34455",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Snappy-java\u0027s fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snappy-java: Unchecked chunk length leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34455"
},
{
"category": "external",
"summary": "RHBZ#2215445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34455",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34455"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snappy-java: Unchecked chunk length leads to DoS"
},
{
"cve": "CVE-2023-34462",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: SniHandler 16MB allocation leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 2.5.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34462"
},
{
"category": "external",
"summary": "RHBZ#2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
}
],
"release_date": "2023-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-14T09:51:43+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "workaround",
"details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
"product_ids": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Streams 2.5.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: SniHandler 16MB allocation leads to OOM"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.