Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-q54z-9km5-7bf3

Summary In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

Aliases

alias	CVE-2018-12538

alias	GHSA-mwcx-532g-8pq3

Fixed_packages

url	pkg:deb/debian/jetty9@0?distro=trixie
purl	pkg:deb/debian/jetty9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

Affected_packages

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.0

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6uhn-tn81-cyac

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-dznb-x27e-kqan

vulnerability	VCID-kh4j-dvmk-akaz

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-dznb-x27e-kqan

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9xw3-4a4u-hbbb

vulnerability	VCID-ahev-zdjd-gqg1

vulnerability	VCID-czhb-gqt2-17av

vulnerability	VCID-kvqz-fppe-d7fe

vulnerability	VCID-kx4x-gnk4-yugu

vulnerability	VCID-nubz-xqaw-tkfr

vulnerability	VCID-nyxu-ekhs-gyb5

vulnerability	VCID-prd3-mmuv-n3dc

vulnerability	VCID-q35p-8qhp-aqec

vulnerability	VCID-q3k2-1x5q-buhy

vulnerability	VCID-q54z-9km5-7bf3

vulnerability	VCID-u2b5-uyd6-fbh9

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-y3mv-vmwd-tydt

vulnerability	VCID-znv6-77jf-v3gu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12538

reference_id

reference_type

scores

value	0.00515
scoring_system	epss
scoring_elements	0.66796
published_at	2026-05-14T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66731
published_at	2026-05-12T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66712
published_at	2026-05-11T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66639
published_at	2026-04-16T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66596
published_at	2026-04-04T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66568
published_at	2026-04-07T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66616
published_at	2026-04-08T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66629
published_at	2026-04-09T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66648
published_at	2026-04-11T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66636
published_at	2026-04-12T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66603
published_at	2026-04-13T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66654
published_at	2026-04-18T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66738
published_at	2026-05-09T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66697
published_at	2026-05-07T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66653
published_at	2026-05-05T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66678
published_at	2026-04-29T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66679
published_at	2026-04-26T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66665
published_at	2026-04-24T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66532
published_at	2026-04-01T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.6664
published_at	2026-04-21T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66571
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12538

reference_url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018

reference_url

https://github.com/advisories/GHSA-mwcx-532g-8pq3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mwcx-532g-8pq3

reference_url	https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c
reference_id
reference_type
scores
url	https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_url	https://security.netapp.com/advisory/ntap-20181014-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20181014-0001/

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

http://www.securitytracker.com/id/1041194

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041194

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1595453
reference_id	1595453
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1595453

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty::::::::
reference_id	cpe:2.3:a:eclipse:jetty::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:::::::*
reference_id	cpe:2.3:a:netapp:element_software:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::::*
reference_id	cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
reference_id	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
reference_id	cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hyper_converged_infrastructure:-:::::::*
reference_id	cpe:2.3:a:netapp:hyper_converged_infrastructure:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hyper_converged_infrastructure:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_system_manager::::::::
reference_id	cpe:2.3:a:netapp:oncommand_system_manager::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_system_manager::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_unified_manager:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_id	cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:::::::*
reference_id	cpe:2.3:a:netapp:snapcenter:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
reference_id	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:::::::*
reference_id	cpe:2.3:a:netapp:snapmanager:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12538

reference_id

CVE-2018-12538

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12538

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	384
name	Session Fixation
description	Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	6
name	J2EE Misconfiguration: Insufficient Session-ID Length
description	The J2EE application is configured to use an insufficient session ID length.

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Exploits

Severity_range_score 5.6 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q54z-9km5-7bf3

Vulnerability Instance