CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

History

25 Oct 2022, 19:10

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2022/dsa-5198 - (DEBIAN) https://www.debian.org/security/2022/dsa-5198 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0006/ - Third Party Advisory
CPE cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

01 Sep 2022, 14:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0006/ -

22 Aug 2022, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html -

02 Aug 2022, 20:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5198 -

15 Jul 2022, 15:33

Type Values Removed Values Added
CPE cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 2.7
References (CONFIRM) https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q - (CONFIRM) https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q - Patch, Third Party Advisory
CWE CWE-20

07 Jul 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-07 21:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-2047

Mitre link : CVE-2022-2047

CVE.ORG link : CVE-2022-2047


JSON object : View

Products Affected

netapp

  • management_services_for_element_software_and_netapp_hci
  • solidfire_\&_hci_storage_node
  • snapcenter
  • element_plug-in_for_vcenter_server
  • hci_compute_node

debian

  • debian_linux

eclipse

  • jetty
CWE
CWE-20

Improper Input Validation