Improper Hostname Detection in Eclipse Jetty Affects Multiple Versions
CVE-2022-2047

2.7LOW

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Jetty
Vendor
CVE Published:
7 July 2022

What is CVE-2022-2047?

In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, a vulnerability exists in how the Jetty HttpURI class processes the authority segment of an HTTP scheme URI. This flaw allows the system to misinterpret invalid input as a valid hostname, leading to potential failures during proxy operations. This issue can disrupt normal functionality and may expose systems to further exploitation in specific scenarios.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Eclipse Jetty 9.4.0

Eclipse Jetty <= 9.4.46

Eclipse Jetty 10.0.0

References

https://github.com/eclipse/jetty.project/security/advisor...
x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5198
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022/08/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.