{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","type":"deb","namespace":"debian","name":"jetty9","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.2.22-1","latest_non_vulnerable_version":"9.4.58-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10585?format=json","vulnerability_id":"VCID-6uhn-tn81-cyac","summary":"Information Exposure\nIn Eclipse Jetty version, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10246.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10246.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10246","reference_id":"","reference_type":"","scores":[{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85743","published_at":"2026-05-16T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.855","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85512","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85534","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85564","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85579","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85576","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85594","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.856","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85617","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85628","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85629","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85647","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.8567","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85687","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85682","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85695","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85732","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85741","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10246"},{"reference_url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576"},{"reference_url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190509-0003","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190509-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190509-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190509-0003/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187703","reference_id":"2187703","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187703"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10246","reference_id":"CVE-2019-10246","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10246"},{"reference_url":"https://github.com/advisories/GHSA-r28m-g6j9-r2h5","reference_id":"GHSA-r28m-g6j9-r2h5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r28m-g6j9-r2h5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925875?format=json","purl":"pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925873?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925877?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925876?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104201?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10246","GHSA-r28m-g6j9-r2h5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6uhn-tn81-cyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53766?format=json","vulnerability_id":"VCID-h3wz-rdkt-7ue6","summary":"Jetty SslConnection does not release pooled ByteBuffers in case of errors\n### Impact\n`SslConnection` does not release `ByteBuffer`s in case of error code paths.\nFor example, TLS handshakes that require client-auth with clients that send expired certificates will trigger a TLS handshake errors and the `ByteBuffer`s used to process the TLS handshake will be leaked.\n\n### Workarounds\nConfigure explicitly a `RetainableByteBufferPool` with `max[Heap|Direct]Memory` to limit the amount of memory that is leaked.\nEventually the pool will be full of \"active\" entries (the leaked ones) and will provide `ByteBuffer`s that will be GCed normally.\n\n_With embedded-jetty_\n\n``` java\nint maxBucketSize = 1000;\nlong maxHeapMemory = 128 * 1024L * 1024L; // 128 MB\nlong maxDirectMemory = 128 * 1024L * 1024L; // 128 MB\nRetainableByteBufferPool rbbp = new ArrayRetainableByteBufferPool(0, -1, -1, maxBucketSize, maxHeapMemory, maxDirectMemory);\n\nserver.addBean(rbbp); // make sure the ArrayRetainableByteBufferPool is added before the server is started\nserver.start();\n```\n\n_With jetty-home/jetty-base_\n\nCreate a `${jetty.base}/etc/retainable-byte-buffer-config.xml`\n\n``` xml\n<?xml version=\"1.0\"?>\n<!DOCTYPE Configure PUBLIC \"-//Jetty//Configure//EN\" \"https://www.eclipse.org/jetty/configure_10_0.dtd\">\n\n<Configure id=\"Server\" class=\"org.eclipse.jetty.server.Server\">\n  <Call name=\"addBean\">\n    <Arg>\n      <New class=\"org.eclipse.jetty.io.ArrayRetainableByteBufferPool\">\n        <Arg type=\"int\"><Property name=\"jetty.byteBufferPool.minCapacity\" default=\"0\"/></Arg>\n        <Arg type=\"int\"><Property name=\"jetty.byteBufferPool.factor\" default=\"-1\"/></Arg>\n        <Arg type=\"int\"><Property name=\"jetty.byteBufferPool.maxCapacity\" default=\"-1\"/></Arg>\n        <Arg type=\"int\"><Property name=\"jetty.byteBufferPool.maxBucketSize\" default=\"1000\"/></Arg>\n        <Arg type=\"long\"><Property name=\"jetty.byteBufferPool.maxHeapMemory\" default=\"128000000\"/></Arg>\n        <Arg type=\"long\"><Property name=\"jetty.byteBufferPool.maxDirectMemory\" default=\"128000000\"/></Arg>\n      </New>\n    </Arg>\n  </Call>\n</Configure>\n```\n\nAnd then reference it in `${jetty.base}/start.d/retainable-byte-buffer-config.ini`\n\n```\netc/retainable-byte-buffer-config.xml\n```\n\n\n### References\nhttps://github.com/eclipse/jetty.project/issues/8161\n\n### For more information\n* Email us at [security@webtide.com](mailto:security@webtide.com)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2191.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2191","reference_id":"","reference_type":"","scores":[{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71144","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.7116","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71157","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71148","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71091","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71111","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71104","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71074","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.7109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71066","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71052","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.71034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.79819","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.79745","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.79763","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.79758","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.79771","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.7981","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01286","scoring_system":"epss","scoring_elements":"0.79815","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2191"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/eclipse/jetty.project","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project"},{"reference_url":"https://github.com/eclipse/jetty.project/issues/8161","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project/issues/8161"},{"reference_url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2191","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2191"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220909-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220909-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220909-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220909-0003/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2116953","reference_id":"2116953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2116953"},{"reference_url":"https://github.com/advisories/GHSA-8mpp-f3f7-xc28","reference_id":"GHSA-8mpp-f3f7-xc28","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mpp-f3f7-xc28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925875?format=json","purl":"pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925873?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925877?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925876?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104201?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie"}],"aliases":["CVE-2022-2191","GHSA-8mpp-f3f7-xc28"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3wz-rdkt-7ue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10498?format=json","vulnerability_id":"VCID-kh4j-dvmk-akaz","summary":"Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server\nIn Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12545.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12545.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12545","reference_id":"","reference_type":"","scores":[{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86659","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86666","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.8666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86647","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86654","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86656","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86584","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86594","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86708","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86686","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03027","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.87808","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.87799","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.87768","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.87755","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.87758","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.8774","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0354","scoring_system":"epss","scoring_elements":"0.87809","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12545"},{"reference_url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"},{"reference_url":"https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696062","reference_id":"1696062","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696062"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12545","reference_id":"CVE-2018-12545","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12545"},{"reference_url":"https://github.com/advisories/GHSA-h2f4-v4c4-6wx4","reference_id":"GHSA-h2f4-v4c4-6wx4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h2f4-v4c4-6wx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925875?format=json","purl":"pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925873?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925877?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925876?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104201?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12545","GHSA-h2f4-v4c4-6wx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kh4j-dvmk-akaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5022?format=json","vulnerability_id":"VCID-q54z-9km5-7bf3","summary":"In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12538","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66817","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66568","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66648","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66639","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66654","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.6664","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66665","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66679","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66678","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66653","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66697","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66738","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66712","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66731","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66796","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66807","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66532","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66571","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66596","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12538"},{"reference_url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"},{"reference_url":"https://github.com/advisories/GHSA-mwcx-532g-8pq3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwcx-532g-8pq3"},{"reference_url":"https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c"},{"reference_url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181014-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181014-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181014-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181014-0001/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.securitytracker.com/id/1041194","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595453","reference_id":"1595453","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595453"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12538","reference_id":"CVE-2018-12538","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12538"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925875?format=json","purl":"pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925873?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925877?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925876?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104201?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12538","GHSA-mwcx-532g-8pq3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q54z-9km5-7bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4754?format=json","vulnerability_id":"VCID-r725-4tby-87f2","summary":"The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.","references":[{"reference_url":"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00092.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00092.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4800.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4800","reference_id":"","reference_type":"","scores":[{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69924","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69718","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.6974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69726","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69752","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69762","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69793","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69806","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.6978","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69824","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69854","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.6985","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.699","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69911","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69645","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69673","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.6965","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4800"},{"reference_url":"https://github.com/eclipse/jetty.project/commit/97af3d663fd22343129e8364d601640649d9eaea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/eclipse/jetty.project/commit/97af3d663fd22343129e8364d601640649d9eaea"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190307-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190307-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190307-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190307-0006/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"http://www.ocert.org/advisories/ocert-2016-001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ocert.org/advisories/ocert-2016-001.html"},{"reference_url":"http://www.securityfocus.com/bid/90945","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/90945"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-16-362","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340205","reference_id":"1340205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4800","reference_id":"CVE-2016-4800","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4800"},{"reference_url":"https://github.com/advisories/GHSA-872g-2h8h-362q","reference_id":"GHSA-872g-2h8h-362q","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-872g-2h8h-362q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925875?format=json","purl":"pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925873?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925877?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925876?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104201?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie"}],"aliases":["CVE-2016-4800","GHSA-872g-2h8h-362q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r725-4tby-87f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30273?format=json","vulnerability_id":"VCID-sshg-yscz-afga","summary":"Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit\n### Original Report\n\nIn Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.\n\n### Impact\nRemote peers can cause the JVM to crash or continuously report OOM.\n\n### Patches\n12.0.17\n\n### Workarounds\nNo workarounds.\n\n### References\nhttps://github.com/jetty/jetty.project/issues/12690","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1948","reference_id":"","reference_type":"","scores":[{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69003","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68806","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68828","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68826","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68836","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68863","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68875","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68854","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68932","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68898","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68924","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68977","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68989","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68757","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68787","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1948"},{"reference_url":"https://github.com/jetty/jetty.project","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project"},{"reference_url":"https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb"},{"reference_url":"https://github.com/jetty/jetty.project/issues/12690","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jetty/jetty.project/issues/12690"},{"reference_url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:31:29Z/"}],"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"},{"reference_url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/56","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:31:29Z/"}],"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1948","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2365137","reference_id":"2365137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2365137"},{"reference_url":"https://github.com/advisories/GHSA-889j-63jv-qhr8","reference_id":"GHSA-889j-63jv-qhr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-889j-63jv-qhr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10092","reference_id":"RHSA-2025:10092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10097","reference_id":"RHSA-2025:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10098","reference_id":"RHSA-2025:10098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10104","reference_id":"RHSA-2025:10104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10118","reference_id":"RHSA-2025:10118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10119","reference_id":"RHSA-2025:10119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10120","reference_id":"RHSA-2025:10120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13274","reference_id":"RHSA-2025:13274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7696","reference_id":"RHSA-2025:7696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925874?format=json","purl":"pkg:deb/debian/jetty9@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925875?format=json","purl":"pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925873?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925877?format=json","purl":"pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925876?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104201?format=json","purl":"pkg:deb/debian/jetty9@9.4.58-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie"}],"aliases":["CVE-2025-1948","GHSA-889j-63jv-qhr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sshg-yscz-afga"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie"}