VulnerableCode Package Details - pkg:deb/debian/jetty9@9.4.39-3%2Bdeb11u2

Search for packages

Package details: pkg:deb/debian/jetty9@9.4.39-3%2Bdeb11u2

Essentials
History (3)

purl	pkg:deb/debian/jetty9@9.4.39-3%2Bdeb11u2
Tags	Ghost

Next non-vulnerable version	9.4.57-0+deb12u1
Latest non-vulnerable version	9.4.57-1
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-1pjh-3upb-aaaq Aliases: CVE-2023-36478 GHSA-wgh7-54f2-x98r	HTTP/2 HPACK integer overflow and buffer allocation	9.4.50-1~bpo11+1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.4.50-4+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.4.50-4+deb12u2 Affected by 0 other vulnerabilities.
VCID-6y3x-kyj7-aaaf Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.	9.4.50-1~bpo11+1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.4.50-4+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.4.50-4+deb12u2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1pjh-3upb-aaaq
Aliases:
CVE-2023-36478
GHSA-wgh7-54f2-x98r

HTTP/2 HPACK integer overflow and buffer allocation

9.4.50-1~bpo11+1
Affected by 7 other vulnerabilities.

9.4.50-4+deb11u2
Affected by 4 other vulnerabilities.

9.4.50-4+deb12u2
Affected by 0 other vulnerabilities.

VCID-6y3x-kyj7-aaaf
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

9.4.50-1~bpo11+1
Affected by 7 other vulnerabilities.

9.4.50-4+deb11u2
Affected by 4 other vulnerabilities.

9.4.50-4+deb12u2
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-01-12T13:32:43.754895+00:00	Debian Importer	Affected by	VCID-1pjh-3upb-aaaq	None	34.0.0rc2
2024-01-05T09:53:27.565783+00:00	Debian Importer	Affected by	VCID-6y3x-kyj7-aaaf	None	34.0.0rc1
2024-01-05T09:07:52.942232+00:00	Debian Importer	Affected by	VCID-1pjh-3upb-aaaq	None	34.0.0rc1