HTTP request smuggling In jetty9
Description
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 12 | 9.2.25-1 | ||
debian 13 | 9.2.25-1 | ||
debian 14 | 9.2.25-1 | ||
 maven | 9.3.24.v20180605, 9.4.11.v20180605 | ||
debian 11 | 9.2.25-1 | ||
 rpm rhel7 | - | - | |
rpm rhel6 | - | - |
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.