In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
Link | Resource |
---|---|
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2022-07-07 21:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-2047
Mitre link : CVE-2022-2047
CVE.ORG link : CVE-2022-2047
JSON object : View
Products Affected
netapp
- management_services_for_element_software_and_netapp_hci
- solidfire_\&_hci_storage_node
- hci_compute_node
- element_plug-in_for_vcenter_server
- snapcenter
debian
- debian_linux
eclipse
- jetty
CWE
CWE-20
Improper Input Validation