Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55938?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55938?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.2.26", "type": "maven", "namespace": "org.eclipse.jetty", "name": "jetty-server", "version": "9.2.26", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.4.57.v20241219", "latest_non_vulnerable_version": "12.1.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40922?format=api", "vulnerability_id": "VCID-9qyq-hht8-nqgz", "summary": "Cross-site Scripting\nJetty server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a Listing of directory contents.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10241.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10411", "scoring_system": "epss", "scoring_elements": "0.93361", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10411", "scoring_system": "epss", "scoring_elements": "0.9335", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10241" }, { "reference_url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428" }, { "reference_url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190509-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190509-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190509-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4949", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4949" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705924", "reference_id": "1705924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705924" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444", "reference_id": "928444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241", "reference_id": "CVE-2019-10241", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241" }, { "reference_url": "https://github.com/advisories/GHSA-7vx9-xjhr-rw6h", "reference_id": "GHSA-7vx9-xjhr-rw6h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vx9-xjhr-rw6h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55940?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806" }, { "url": "http://public2.vulnerablecode.io/api/packages/55980?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-hwnn-v58k-93hp" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403" }, { "url": "http://public2.vulnerablecode.io/api/packages/57675?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904" }, { "url": "http://public2.vulnerablecode.io/api/packages/57887?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-hwnn-v58k-93hp" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403" }, { "url": "http://public2.vulnerablecode.io/api/packages/233163?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215" }, { "url": "http://public2.vulnerablecode.io/api/packages/57888?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-hwnn-v58k-93hp" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411" } ], "aliases": [ "CVE-2019-10241", "GHSA-7vx9-xjhr-rw6h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyq-hht8-nqgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40000?format=api", "vulnerability_id": "VCID-emr9-k9h1-vkeb", "summary": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nEclipse Jetty contains a vulnerability that could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7656.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7656.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08531", "scoring_system": "epss", "scoring_elements": "0.92542", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08531", "scoring_system": "epss", "scoring_elements": "0.92529", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7656" }, { "reference_url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658" }, { "reference_url": "https://github.com/advisories/GHSA-84q7-p226-4x5w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-84q7-p226-4x5w" }, { "reference_url": "https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55" }, { "reference_url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181014-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181014-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.securitytracker.com/id/1041194", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595639", "reference_id": "1595639", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595639" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953", "reference_id": "902953", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656", "reference_id": "CVE-2017-7656", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55940?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806" }, { "url": "http://public2.vulnerablecode.io/api/packages/55941?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-f9tf-uebt-kqcy" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605" }, { "url": "http://public2.vulnerablecode.io/api/packages/55942?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605" } ], "aliases": [ "CVE-2017-7656", "GHSA-84q7-p226-4x5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emr9-k9h1-vkeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40012?format=api", "vulnerability_id": "VCID-f4kf-f8us-r7gn", "summary": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIf an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7658.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05482", "scoring_system": "epss", "scoring_elements": "0.90371", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05482", "scoring_system": "epss", "scoring_elements": "0.90386", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7658" }, { "reference_url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658" }, { "reference_url": "https://github.com/advisories/GHSA-6x9x-8qw9-9pp6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x9x-8qw9-9pp6" }, { "reference_url": "https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55" }, { "reference_url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181014-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181014-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.securityfocus.com/bid/106566", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106566" }, { "reference_url": "http://www.securitytracker.com/id/1041194", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621", "reference_id": "1595621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953", "reference_id": "902953", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658", "reference_id": "CVE-2017-7658", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55940?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806" }, { "url": "http://public2.vulnerablecode.io/api/packages/55941?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-f9tf-uebt-kqcy" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-p2fr-edcy-47ct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605" }, { "url": "http://public2.vulnerablecode.io/api/packages/55942?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605" } ], "aliases": [ "CVE-2017-7658", "GHSA-6x9x-8qw9-9pp6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4kf-f8us-r7gn" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26" }