Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26

Type maven

Namespace org.eclipse.jetty

Name jetty-server

Version 9.2.26

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.4.57.v20241219

Latest_non_vulnerable_version 12.1.6

Affected_by_vulnerabilities

url VCID-ahev-zdjd-gqg1

vulnerability_id VCID-ahev-zdjd-gqg1

summary

Cross-site Scripting
Jetty server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a Listing of directory contents.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10241.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10241.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10241

reference_id

reference_type

scores

value	0.09686
scoring_system	epss
scoring_elements	0.93003
published_at	2026-05-14T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.9298
published_at	2026-05-12T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92973
published_at	2026-05-11T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92892
published_at	2026-04-01T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.929
published_at	2026-04-02T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92969
published_at	2026-05-09T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92958
published_at	2026-05-07T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92945
published_at	2026-05-05T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92942
published_at	2026-04-26T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92941
published_at	2026-04-24T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92938
published_at	2026-04-29T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.9293
published_at	2026-04-16T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92932
published_at	2026-04-18T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.9292
published_at	2026-04-13T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92904
published_at	2026-04-04T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92903
published_at	2026-04-07T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92911
published_at	2026-04-08T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92916
published_at	2026-04-09T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92921
published_at	2026-04-11T12:55:00Z

value	0.09686
scoring_system	epss
scoring_elements	0.92919
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10241

reference_url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428

reference_url

https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html

reference_url

https://security.netapp.com/advisory/ntap-20190509-0003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190509-0003

reference_url	https://security.netapp.com/advisory/ntap-20190509-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190509-0003/

reference_url

https://www.debian.org/security/2021/dsa-4949

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4949

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1705924
reference_id	1705924
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1705924

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444
reference_id	928444
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10241

reference_id

CVE-2019-10241

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10241

reference_url

https://github.com/advisories/GHSA-7vx9-xjhr-rw6h

reference_id

GHSA-7vx9-xjhr-rw6h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7vx9-xjhr-rw6h

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

fixed_packages

url pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

url pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403

purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6uhn-tn81-cyac

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403

url pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904

purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904

url pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403

purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6uhn-tn81-cyac

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6uhn-tn81-cyac

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411

aliases CVE-2019-10241, GHSA-7vx9-xjhr-rw6h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahev-zdjd-gqg1

url VCID-kvqz-fppe-d7fe

vulnerability_id VCID-kvqz-fppe-d7fe

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7658.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7658.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7658

reference_id

reference_type

scores

value	0.08038
scoring_system	epss
scoring_elements	0.92123
published_at	2026-04-12T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.9213
published_at	2026-04-16T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.92128
published_at	2026-04-21T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.92116
published_at	2026-04-08T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.92119
published_at	2026-04-13T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.92094
published_at	2026-04-02T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.92104
published_at	2026-04-07T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.92087
published_at	2026-04-01T12:55:00Z

value	0.08038
scoring_system	epss
scoring_elements	0.921
published_at	2026-04-04T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92464
published_at	2026-05-07T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92504
published_at	2026-05-14T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92484
published_at	2026-05-12T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92477
published_at	2026-05-11T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92474
published_at	2026-05-09T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92454
published_at	2026-05-05T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92443
published_at	2026-04-29T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92448
published_at	2026-04-26T12:55:00Z

value	0.08612
scoring_system	epss
scoring_elements	0.92447
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7658

reference_url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658

reference_url

https://github.com/advisories/GHSA-6x9x-8qw9-9pp6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6x9x-8qw9-9pp6

reference_url	https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55
reference_id
reference_type
scores
url	https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55

reference_url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_url	https://security.netapp.com/advisory/ntap-20181014-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20181014-0001/

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us

reference_url

https://www.debian.org/security/2018/dsa-4278

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4278

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

http://www.securityfocus.com/bid/106566

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106566

reference_url

http://www.securitytracker.com/id/1041194

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041194

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1595621
reference_id	1595621
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1595621

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953
reference_id	902953
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7658

reference_id

CVE-2017-7658

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7658

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

fixed_packages

url pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

url pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605

purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kh4j-dvmk-akaz

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

aliases CVE-2017-7658, GHSA-6x9x-8qw9-9pp6

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvqz-fppe-d7fe

url VCID-znv6-77jf-v3gu

vulnerability_id VCID-znv6-77jf-v3gu

summary In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7656.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7656.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7656

reference_id

reference_type

scores

value	0.07767
scoring_system	epss
scoring_elements	0.9195
published_at	2026-04-08T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91974
published_at	2026-04-16T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91958
published_at	2026-04-12T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91915
published_at	2026-04-01T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91955
published_at	2026-04-13T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91923
published_at	2026-04-02T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91931
published_at	2026-04-04T12:55:00Z

value	0.07767
scoring_system	epss
scoring_elements	0.91938
published_at	2026-04-07T12:55:00Z

value	0.07962
scoring_system	epss
scoring_elements	0.92079
published_at	2026-04-21T12:55:00Z

value	0.07962
scoring_system	epss
scoring_elements	0.9208
published_at	2026-04-18T12:55:00Z

value	0.08324
scoring_system	epss
scoring_elements	0.92306
published_at	2026-05-05T12:55:00Z

value	0.08324
scoring_system	epss
scoring_elements	0.92353
published_at	2026-05-14T12:55:00Z

value	0.08324
scoring_system	epss
scoring_elements	0.92334
published_at	2026-05-12T12:55:00Z

value	0.08324
scoring_system	epss
scoring_elements	0.92326
published_at	2026-05-11T12:55:00Z

value	0.08324
scoring_system	epss
scoring_elements	0.92324
published_at	2026-05-09T12:55:00Z

value	0.08324
scoring_system	epss
scoring_elements	0.92316
published_at	2026-05-07T12:55:00Z

value	0.08531
scoring_system	epss
scoring_elements	0.92405
published_at	2026-04-26T12:55:00Z

value	0.08531
scoring_system	epss
scoring_elements	0.924
published_at	2026-04-29T12:55:00Z

value	0.08531
scoring_system	epss
scoring_elements	0.92404
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7656

reference_url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658

reference_url

https://github.com/advisories/GHSA-84q7-p226-4x5w

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-84q7-p226-4x5w

reference_url	https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55
reference_id
reference_type
scores
url	https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55

reference_url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_url	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_url	https://security.netapp.com/advisory/ntap-20181014-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20181014-0001/

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us

reference_url

https://www.debian.org/security/2018/dsa-4278

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4278

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

http://www.securitytracker.com/id/1041194

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041194

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1595639
reference_id	1595639
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1595639

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953
reference_id	902953
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty::::::::
reference_id	cpe:2.3:a:eclipse:jetty::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7656

reference_id

CVE-2017-7656

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7656

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

fixed_packages

url pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806

url pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605

purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kh4j-dvmk-akaz

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

aliases CVE-2017-7656, GHSA-84q7-p226-4x5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znv6-77jf-v3gu

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26

Package Instance