Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/39992?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39992?format=api", "vulnerability_id": "VCID-6wmw-tne9-xbaz", "summary": "Session Fixation\nWhen using the optional Jetty provided `FileSessionDataStore` for persistent storage of `HttpSession` details, it is possible for a malicious user to access/hijack other `HttpSessions`.", "aliases": [ { "alias": "CVE-2018-12538" }, { "alias": "GHSA-mwcx-532g-8pq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99953?format=api", "purl": "pkg:deb/debian/jetty9@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99954?format=api", "purl": "pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99952?format=api", "purl": "pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99956?format=api", "purl": "pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99955?format=api", "purl": "pkg:deb/debian/jetty9@9.4.58-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/55927?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/55942?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55925?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-f9tf-uebt-kqcy" }, { "vulnerability": "VCID-hwnn-v58k-93hp" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" }, { "vulnerability": "VCID-x5gr-c5yu-y3hs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/179532?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208" }, { "url": "http://public2.vulnerablecode.io/api/packages/179533?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179534?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120" }, { "url": "http://public2.vulnerablecode.io/api/packages/179535?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179536?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220" }, { "url": "http://public2.vulnerablecode.io/api/packages/179537?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179538?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317" }, { "url": "http://public2.vulnerablecode.io/api/packages/179539?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179540?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414" }, { "url": "http://public2.vulnerablecode.io/api/packages/179541?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179542?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" }, { "vulnerability": "VCID-x5gr-c5yu-y3hs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502" }, { "url": "http://public2.vulnerablecode.io/api/packages/179543?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/56871?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531" }, { "url": "http://public2.vulnerablecode.io/api/packages/179544?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179545?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0" }, { "url": "http://public2.vulnerablecode.io/api/packages/179546?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914" }, { "url": "http://public2.vulnerablecode.io/api/packages/179547?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/55926?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121" }, { "url": "http://public2.vulnerablecode.io/api/packages/55927?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619" }, { "url": "http://public2.vulnerablecode.io/api/packages/179548?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320" }, { "url": "http://public2.vulnerablecode.io/api/packages/179549?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0" }, { "url": "http://public2.vulnerablecode.io/api/packages/179550?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1" }, { "url": "http://public2.vulnerablecode.io/api/packages/179551?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ceb-5aaj-zbfn" }, { "vulnerability": "VCID-2p9t-s37z-b7ac" }, { "vulnerability": "VCID-3k1u-qrwz-ubgu" }, { "vulnerability": "VCID-3vps-uq7s-nfb7" }, { "vulnerability": "VCID-6wmw-tne9-xbaz" }, { "vulnerability": "VCID-9an6-1me1-97fc" }, { "vulnerability": "VCID-9qyq-hht8-nqgz" }, { "vulnerability": "VCID-bq5u-wuuv-m7au" }, { "vulnerability": "VCID-emr9-k9h1-vkeb" }, { "vulnerability": "VCID-f4kf-f8us-r7gn" }, { "vulnerability": "VCID-gua7-n9ne-t3hk" }, { "vulnerability": "VCID-jktf-sads-m7ca" }, { "vulnerability": "VCID-k829-sb45-hba9" }, { "vulnerability": "VCID-p2fr-edcy-47ct" }, { "vulnerability": "VCID-r7rk-5z6r-33a1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.6701", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.66977", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67026", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67017", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12538" }, { "reference_url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" }, { "reference_url": "https://github.com/advisories/GHSA-mwcx-532g-8pq3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwcx-532g-8pq3" }, { "reference_url": "https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181014-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181014-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.securitytracker.com/id/1041194", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595453", "reference_id": "1595453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595453" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12538", "reference_id": "CVE-2018-12538", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12538" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 384, "name": "Session Fixation", "description": "Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 6, "name": "J2EE Misconfiguration: Insufficient Session-ID Length", "description": "The J2EE application is configured to use an insufficient session ID length." }, { "cwe_id": 287, "name": "Improper Authentication", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct." } ], "exploits": [], "severity_range_score": "5.6 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wmw-tne9-xbaz" }