Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.eclipse.jetty/jetty-server@9.2.26
Typemaven
Namespaceorg.eclipse.jetty
Namejetty-server
Version9.2.26
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.57.v20241219
Latest_non_vulnerable_version12.1.6
Affected_by_vulnerabilities
0
url VCID-9qyq-hht8-nqgz
vulnerability_id VCID-9qyq-hht8-nqgz
summary 
Cross-site Scripting
Jetty server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a Listing of directory contents.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10241.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10241.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10241
reference_id
reference_type
scores
0
value 0.10411
scoring_system epss
scoring_elements 0.93361
published_at 2026-06-05T12:55:00Z
1
value 0.10411
scoring_system epss
scoring_elements 0.9335
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10241
2
reference_url https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428
10
reference_url https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
19
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html
20
reference_url https://security.netapp.com/advisory/ntap-20190509-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190509-0003
21
reference_url https://security.netapp.com/advisory/ntap-20190509-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190509-0003/
22
reference_url https://www.debian.org/security/2021/dsa-4949
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4949
23
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
24
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1705924
reference_id 1705924
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1705924
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444
reference_id 928444
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10241
reference_id CVE-2019-10241
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10241
28
reference_url https://github.com/advisories/GHSA-7vx9-xjhr-rw6h
reference_id GHSA-7vx9-xjhr-rw6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vx9-xjhr-rw6h
29
reference_url https://access.redhat.com/errata/RHSA-2020:0922
reference_id RHSA-2020:0922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0922
30
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
31
reference_url https://access.redhat.com/errata/RHSA-2020:1445
reference_id RHSA-2020:1445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1445
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ceb-5aaj-zbfn
1
vulnerability VCID-2p9t-s37z-b7ac
2
vulnerability VCID-3k1u-qrwz-ubgu
3
vulnerability VCID-3vps-uq7s-nfb7
4
vulnerability VCID-9an6-1me1-97fc
5
vulnerability VCID-9qyq-hht8-nqgz
6
vulnerability VCID-bq5u-wuuv-m7au
7
vulnerability VCID-emr9-k9h1-vkeb
8
vulnerability VCID-gua7-n9ne-t3hk
9
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
1
url pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403
purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-bq5u-wuuv-m7au
5
vulnerability VCID-emr9-k9h1-vkeb
6
vulnerability VCID-gua7-n9ne-t3hk
7
vulnerability VCID-hwnn-v58k-93hp
8
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.27.v20190403
2
url pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904
purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-9qyq-hht8-nqgz
5
vulnerability VCID-bq5u-wuuv-m7au
6
vulnerability VCID-gua7-n9ne-t3hk
7
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.25.v20180904
3
url pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403
purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-bq5u-wuuv-m7au
5
vulnerability VCID-gua7-n9ne-t3hk
6
vulnerability VCID-hwnn-v58k-93hp
7
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.26.v20190403
4
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-9qyq-hht8-nqgz
5
vulnerability VCID-bq5u-wuuv-m7au
6
vulnerability VCID-gua7-n9ne-t3hk
7
vulnerability VCID-jktf-sads-m7ca
8
vulnerability VCID-k829-sb45-hba9
9
vulnerability VCID-p2fr-edcy-47ct
10
vulnerability VCID-r7rk-5z6r-33a1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.15.v20190215
5
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-bq5u-wuuv-m7au
5
vulnerability VCID-gua7-n9ne-t3hk
6
vulnerability VCID-hwnn-v58k-93hp
7
vulnerability VCID-jktf-sads-m7ca
8
vulnerability VCID-k829-sb45-hba9
9
vulnerability VCID-p2fr-edcy-47ct
10
vulnerability VCID-r7rk-5z6r-33a1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.16.v20190411
aliases CVE-2019-10241, GHSA-7vx9-xjhr-rw6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyq-hht8-nqgz
1
url VCID-emr9-k9h1-vkeb
vulnerability_id VCID-emr9-k9h1-vkeb
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Eclipse Jetty contains a vulnerability that could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7656.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7656.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7656
reference_id
reference_type
scores
0
value 0.08531
scoring_system epss
scoring_elements 0.92542
published_at 2026-06-05T12:55:00Z
1
value 0.08531
scoring_system epss
scoring_elements 0.92529
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7656
2
reference_url https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658
6
reference_url https://github.com/advisories/GHSA-84q7-p226-4x5w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-84q7-p226-4x5w
7
reference_url https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55
reference_id
reference_type
scores
url https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55
8
reference_url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E
12
reference_url https://security.netapp.com/advisory/ntap-20181014-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181014-0001
13
reference_url https://security.netapp.com/advisory/ntap-20181014-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181014-0001/
14
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us
15
reference_url https://www.debian.org/security/2018/dsa-4278
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4278
16
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
17
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
18
reference_url http://www.securitytracker.com/id/1041194
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041194
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595639
reference_id 1595639
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1595639
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953
reference_id 902953
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7656
reference_id CVE-2017-7656
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7656
22
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ceb-5aaj-zbfn
1
vulnerability VCID-2p9t-s37z-b7ac
2
vulnerability VCID-3k1u-qrwz-ubgu
3
vulnerability VCID-3vps-uq7s-nfb7
4
vulnerability VCID-9an6-1me1-97fc
5
vulnerability VCID-9qyq-hht8-nqgz
6
vulnerability VCID-bq5u-wuuv-m7au
7
vulnerability VCID-emr9-k9h1-vkeb
8
vulnerability VCID-gua7-n9ne-t3hk
9
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
1
url pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605
purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-9qyq-hht8-nqgz
5
vulnerability VCID-bq5u-wuuv-m7au
6
vulnerability VCID-f9tf-uebt-kqcy
7
vulnerability VCID-gua7-n9ne-t3hk
8
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605
2
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-9qyq-hht8-nqgz
5
vulnerability VCID-bq5u-wuuv-m7au
6
vulnerability VCID-gua7-n9ne-t3hk
7
vulnerability VCID-jktf-sads-m7ca
8
vulnerability VCID-k829-sb45-hba9
9
vulnerability VCID-p2fr-edcy-47ct
10
vulnerability VCID-r7rk-5z6r-33a1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
aliases CVE-2017-7656, GHSA-84q7-p226-4x5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emr9-k9h1-vkeb
2
url VCID-f4kf-f8us-r7gn
vulnerability_id VCID-f4kf-f8us-r7gn
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7658.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7658.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7658
reference_id
reference_type
scores
0
value 0.05482
scoring_system epss
scoring_elements 0.90371
published_at 2026-06-04T12:55:00Z
1
value 0.05482
scoring_system epss
scoring_elements 0.90386
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7658
2
reference_url https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658
6
reference_url https://github.com/advisories/GHSA-6x9x-8qw9-9pp6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6x9x-8qw9-9pp6
7
reference_url https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55
reference_id
reference_type
scores
url https://github.com/eclipse/jetty.project/commit/a285deea42fcab60d9edcf994e458c238a348b55
8
reference_url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E
15
reference_url https://security.netapp.com/advisory/ntap-20181014-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181014-0001
16
reference_url https://security.netapp.com/advisory/ntap-20181014-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181014-0001/
17
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us
18
reference_url https://www.debian.org/security/2018/dsa-4278
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4278
19
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
20
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
21
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
22
reference_url http://www.securityfocus.com/bid/106566
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106566
23
reference_url http://www.securitytracker.com/id/1041194
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041194
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595621
reference_id 1595621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1595621
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953
reference_id 902953
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902953
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7658
reference_id CVE-2017-7658
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7658
27
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
fixed_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
purl pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ceb-5aaj-zbfn
1
vulnerability VCID-2p9t-s37z-b7ac
2
vulnerability VCID-3k1u-qrwz-ubgu
3
vulnerability VCID-3vps-uq7s-nfb7
4
vulnerability VCID-9an6-1me1-97fc
5
vulnerability VCID-9qyq-hht8-nqgz
6
vulnerability VCID-bq5u-wuuv-m7au
7
vulnerability VCID-emr9-k9h1-vkeb
8
vulnerability VCID-gua7-n9ne-t3hk
9
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26.v20180806
1
url pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605
purl pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-9qyq-hht8-nqgz
5
vulnerability VCID-bq5u-wuuv-m7au
6
vulnerability VCID-f9tf-uebt-kqcy
7
vulnerability VCID-gua7-n9ne-t3hk
8
vulnerability VCID-p2fr-edcy-47ct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.3.24.v20180605
2
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p9t-s37z-b7ac
1
vulnerability VCID-3k1u-qrwz-ubgu
2
vulnerability VCID-3vps-uq7s-nfb7
3
vulnerability VCID-9an6-1me1-97fc
4
vulnerability VCID-9qyq-hht8-nqgz
5
vulnerability VCID-bq5u-wuuv-m7au
6
vulnerability VCID-gua7-n9ne-t3hk
7
vulnerability VCID-jktf-sads-m7ca
8
vulnerability VCID-k829-sb45-hba9
9
vulnerability VCID-p2fr-edcy-47ct
10
vulnerability VCID-r7rk-5z6r-33a1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605
aliases CVE-2017-7658, GHSA-6x9x-8qw9-9pp6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4kf-f8us-r7gn
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.2.26