CVE-2022-2047


In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.


Published

2022-07-07T21:15:10.093

Last Modified

2024-11-21T07:00:13.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.7 (LOW)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-20

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eclipse | jetty | < 9.4.46 | Yes |
| Application | eclipse | jetty | < 10.0.9 | Yes |
| Application | eclipse | jetty | ≤ 11.0.9 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | debian | debian_linux | 11.0 | Yes |
| Application | netapp | element_plug-in_for_vcenter_server | - | Yes |
| Application | netapp | management_services_for_element_software_and_netapp_hci | - | Yes |
| Application | netapp | snapcenter | - | Yes |
| Application | netapp | solidfire_\&_hci_storage_node | - | Yes |
| Hardware | netapp | hci_compute_node | - | Yes |

References