In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
Link | Resource |
---|---|
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Oct 2022, 19:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp management Services For Element Software And Netapp Hci
Debian debian Linux Netapp snapcenter Netapp Debian Netapp hci Compute Node Netapp solidfire \& Hci Storage Node Netapp element Plug-in For Vcenter Server |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5198 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0006/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* |
01 Sep 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jul 2022, 15:33
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q - Patch, Third Party Advisory | |
First Time |
Eclipse
Eclipse jetty |
|
CWE | CWE-20 | |
CPE | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 2.7 |
07 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-07 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2047
Mitre link : CVE-2022-2047
CVE.ORG link : CVE-2022-2047
JSON object : View
Products Affected
eclipse
- jetty
netapp
- element_plug-in_for_vcenter_server
- snapcenter
- hci_compute_node
- management_services_for_element_software_and_netapp_hci
- solidfire_\&_hci_storage_node
debian
- debian_linux
CWE
CWE-20
Improper Input Validation