In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
Link | Resource |
---|---|
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: eclipse
Published: 2022-07-07T20:45:12
Updated: 2022-09-01T13:06:30
Reserved: 2022-06-09T00:00:00
Link: CVE-2022-2047
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-07T21:15:10.093
Modified: 2022-10-25T19:10:41.220
Link: CVE-2022-2047
JSON object: View
Redhat Information
No data.
CWE