In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
Link | Resource |
---|---|
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Oct 2022, 19:10
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5198 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0006/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
01 Sep 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jul 2022, 15:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 2.7 |
References | (CONFIRM) https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q - Patch, Third Party Advisory | |
CWE | CWE-20 |
07 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-07 21:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-2047
Mitre link : CVE-2022-2047
CVE.ORG link : CVE-2022-2047
JSON object : View
Products Affected
netapp
- management_services_for_element_software_and_netapp_hci
- solidfire_\&_hci_storage_node
- snapcenter
- element_plug-in_for_vcenter_server
- hci_compute_node
debian
- debian_linux
eclipse
- jetty
CWE
CWE-20
Improper Input Validation