ID de Prueba:	1.3.6.1.4.1.25623.1.0.149570
Categoría:	Web Servers
Título:	Eclipse Jetty Multiple Vulnerabilities (GHSA-qw69-rqj8-6qw8, GHSA-p26g-97m4-6q7c) - Windows
Resumen:	Eclipse Jetty is prone to multiple vulnerabilities.
Descripción:	Summary: Eclipse Jetty is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2023-26048: OutOfMemoryError for large multipart without filename read via request.getParameter() - CVE-2023-26049: Cookie parsing of quoted values can exfiltrate values from other cookies Affected Software/OS: Eclipse Jetty version 9.4.50 and prior, version 10.0.x through 10.0.13 and 11.0.x through 11.0.13. Solution: Update to version 9.4.51, 10.0.14, 11.0.14 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-26048 Debian Security Information: DSA-5507 (Google Search) https://www.debian.org/security/2023/dsa-5507 https://github.com/eclipse/jetty.project/issues/9076 https://github.com/eclipse/jetty.project/pull/9344 https://github.com/eclipse/jetty.project/pull/9345 https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2023-26049 https://github.com/eclipse/jetty.project/pull/9339 https://github.com/eclipse/jetty.project/pull/9352 https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c https://www.rfc-editor.org/rfc/rfc2965 https://www.rfc-editor.org/rfc/rfc6265
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.