Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5115 (GCVE-0-2025-5115)
Vulnerability from cvelistv5 – Published: 2025-08-20 19:07 – Updated: 2025-11-04 21:11
VLAI
EPSS
Title
MadeYouReset HTTP/2 vulnerability
Summary
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.
For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.
Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.
The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.
The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.
Links:
* https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/jetty/jetty.project/security/a… | issue-tracking |
| https://github.com/jetty/jetty.project/pull/13449 | patch |
| https://github.com/jetty/jetty.project/releases/t… | release-notes |
| https://github.com/jetty/jetty.project/releases/t… | release-notes |
| https://github.com/jetty/jetty.project/releases/t… | release-notes |
| https://github.com/jetty/jetty.project/releases/t… | release-notes |
| https://github.com/jetty/jetty.project/releases/t… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Jetty | Eclipse Jetty |
Affected:
>=9.3.0 , ≤ <=9.4.57
(semver)
Affected: >=10.0.0 , ≤ <=10.0.25 (semver) Affected: >=11.0.0 , ≤ <=11.0.25 (semver) Affected: >=12.0.0 , ≤ <=12.0.21 (semver) Affected: >=12.1.0.alpha0 , ≤ <=12.1.0.alpha2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T19:28:04.700843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T19:28:12.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:37.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/767506"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/17/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/20/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.eclipse.jetty.http2/http2-common",
"product": "Eclipse Jetty",
"repo": "https://github.com/jetty/jetty.project",
"vendor": "Eclipse Jetty",
"versions": [
{
"lessThanOrEqual": "\u003c=9.4.57",
"status": "affected",
"version": "\u003e=9.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.0.25",
"status": "affected",
"version": "\u003e=10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=11.0.25",
"status": "affected",
"version": "\u003e=11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=12.0.21",
"status": "affected",
"version": "\u003e=12.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=12.1.0.alpha2",
"status": "affected",
"version": "\u003e=12.1.0.alpha0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Eclipse Jetty, versions \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\u003c/p\u003e\n\u003cp\u003eFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update\"\u003e\u003c/a\u003e, the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\u003c/p\u003e\n\u003cp\u003eThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\u003c/p\u003e\n\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"\u003ehttps://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T10:36:49.477Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jetty/jetty.project/pull/13449"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MadeYouReset HTTP/2 vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-5115",
"datePublished": "2025-08-20T19:07:11.546Z",
"dateReserved": "2025-05-23T08:55:59.861Z",
"dateUpdated": "2025-11-04T21:11:37.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-5115",
"date": "2026-05-29",
"epss": "0.00529",
"percentile": "0.67464"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5115\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-08-20T20:15:33.377\",\"lastModified\":\"2026-01-27T19:23:52.020\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\\n\\n\\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\\n\\n\\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\\n\\n\\n\\nLinks:\\n\\n\\n\\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"},{\"lang\":\"es\",\"value\":\"En Eclipse Jetty, versiones \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, un cliente HTTP/2 puede provocar que el servidor env\u00ede tramas RST_STREAM, por ejemplo, enviando tramas con formato incorrecto o que no deber\u00edan enviarse en un estado de flujo espec\u00edfico, lo que obliga al servidor a consumir recursos como CPU y memoria. Por ejemplo, un cliente puede abrir un flujo y luego enviar tramas WINDOW_UPDATE con un incremento de tama\u00f1o de ventana de 0, lo cual es ilegal. Seg\u00fan la especificaci\u00f3n https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update, el servidor debe enviar una trama RST_STREAM. El cliente ahora puede abrir otra transmisi\u00f3n y enviar otra WINDOW_UPDATE incorrecta, lo que provoca que el servidor consuma m\u00e1s recursos de los necesarios. En este caso, no se supera el n\u00famero m\u00e1ximo de transmisiones simult\u00e1neas, pero el cliente puede crear una enorme cantidad de transmisiones en poco tiempo. El ataque puede ejecutarse con otras condiciones (por ejemplo, una trama DATA para una transmisi\u00f3n cerrada) que provocan que el servidor env\u00ede una trama RST_STREAM. Enlaces: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndIncluding\":\"9.4.57\",\"matchCriteriaId\":\"8F512BB3-9D38-43E0-9962-876DA3232AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.0.25\",\"matchCriteriaId\":\"CDD3D394-58B1-4E91-8F5C-E343F6EB4108\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.0.25\",\"matchCriteriaId\":\"5B8C48CF-A987-4C4C-A1B5-8E6B2D321DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.0.21\",\"matchCriteriaId\":\"B535FBFA-91E1-4E8E-8731-1671DEA66413\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:12.1.0:alpha0:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E708B1F-1405-48BA-8B32-9611D491286C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:12.1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A837B906-9792-4AFA-8391-C8A00913E1D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:12.1.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8D7F1B4-3C3F-48FF-A7F0-C5462171E6EA\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/pull/13449\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/20/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/17/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/767506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/09/msg00014.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/767506\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/17/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/20/4\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:11:37.182Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5115\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T19:28:04.700843Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-20T19:28:07.991Z\"}}], \"cna\": {\"title\": \"MadeYouReset HTTP/2 vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/jetty/jetty.project\", \"vendor\": \"Eclipse Jetty\", \"product\": \"Eclipse Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e=9.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=9.4.57\"}, {\"status\": \"affected\", \"version\": \"\u003e=10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.0.25\"}, {\"status\": \"affected\", \"version\": \"\u003e=11.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=11.0.25\"}, {\"status\": \"affected\", \"version\": \"\u003e=12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=12.0.21\"}, {\"status\": \"affected\", \"version\": \"\u003e=12.1.0.alpha0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=12.1.0.alpha2\"}], \"packageName\": \"pkg:maven/org.eclipse.jetty.http2/http2-common\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/jetty/jetty.project/pull/13449\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\\n\\n\\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\\n\\n\\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\\n\\n\\n\\nLinks:\\n\\n\\n\\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Eclipse Jetty, versions \u0026lt;=9.4.57, \u0026lt;=10.0.25, \u0026lt;=11.0.25, \u0026lt;=12.0.21, \u0026lt;=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\u003c/p\u003e\\n\u003cp\u003eFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\\nPer specification\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update\\\"\u003e\u003c/a\u003e, the server should send a RST_STREAM frame.\\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\u003c/p\u003e\\n\u003cp\u003eThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\u003c/p\u003e\\n\\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e\u003c/p\u003e\\n\u003cul\u003e\\n\u003cli\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\\\"\u003ehttps://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-08-21T10:36:49.477Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5115\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:11:37.182Z\", \"dateReserved\": \"2025-05-23T08:55:59.861Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-08-20T19:07:11.546Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:16456
Vulnerability from csaf_redhat - Published: 2025-09-23 09:44 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
(CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n(CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16456",
"url": "https://access.redhat.com/errata/RHSA-2025:16456"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16456.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:47+00:00",
"generator": {
"date": "2026-04-30T13:32:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:16456",
"initial_release_date": "2025-09-23T09:44:51+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758259817-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758259817-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1758260106-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758259817-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.17.1758260106-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758259817-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758259817-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758259817-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.17",
"product_id": "9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.17.1758260106-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16456"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-0:2.516.3.1758259817-3.el9.src",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.noarch",
"9Base-OCP-Tools-4.17:jenkins-2-plugins-0:4.17.1758260106-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:16457
Vulnerability from csaf_redhat - Published: 2025-09-23 09:44 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.16. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.16. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16457",
"url": "https://access.redhat.com/errata/RHSA-2025:16457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16457.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:49+00:00",
"generator": {
"date": "2026-04-30T13:32:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:16457",
"initial_release_date": "2025-09-23T09:44:56+00:00",
"revision_history": [
{
"date": "2025-09-23T09:44:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:44:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product_id": "jenkins-0:2.516.3.1758336945-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758336945-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1758337173-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product_id": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758336945-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1758337173-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758336945-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758336945-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src"
},
"product_reference": "jenkins-0:2.516.3.1758336945-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.16.1758337173-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:44:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16457"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.516.3.1758336945-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1758337173-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:16459
Vulnerability from csaf_redhat - Published: 2025-09-23 09:47 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16459",
"url": "https://access.redhat.com/errata/RHSA-2025:16459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16459.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:50+00:00",
"generator": {
"date": "2026-04-30T13:32:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:16459",
"initial_release_date": "2025-09-23T09:47:46+00:00",
"revision_history": [
{
"date": "2025-09-23T09:47:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T09:47:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758299374-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758299374-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1758299735-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758299374-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1758299735-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758299374-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758299374-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758299374-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1758299735-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T09:47:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16459"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.516.3.1758299374-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1758299735-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:16460
Vulnerability from csaf_redhat - Published: 2025-09-23 10:09 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16460",
"url": "https://access.redhat.com/errata/RHSA-2025:16460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16460.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:50+00:00",
"generator": {
"date": "2026-04-30T13:32:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:16460",
"initial_release_date": "2025-09-23T10:09:41+00:00",
"revision_history": [
{
"date": "2025-09-23T10:09:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:09:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758298953-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758298953-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1758299004-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758298953-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1758299004-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758298953-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758298953-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758298953-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1758299004-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:09:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16460"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.516.3.1758298953-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1758299004-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:16461
Vulnerability from csaf_redhat - Published: 2025-09-23 10:10 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16461",
"url": "https://access.redhat.com/errata/RHSA-2025:16461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:50+00:00",
"generator": {
"date": "2026-04-30T13:32:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:16461",
"initial_release_date": "2025-09-23T10:10:12+00:00",
"revision_history": [
{
"date": "2025-09-23T10:10:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:10:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758302106-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302106-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1758302383-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302106-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1758302383-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758302106-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302106-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758302106-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1758302383-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:10:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16461"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.516.3.1758302106-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1758302383-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:16462
Vulnerability from csaf_redhat - Published: 2025-09-23 10:09 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is
vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-5115)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is\nvulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-5115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16462",
"url": "https://access.redhat.com/errata/RHSA-2025:16462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16462.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:52+00:00",
"generator": {
"date": "2026-04-30T13:32:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:16462",
"initial_release_date": "2025-09-23T10:09:56+00:00",
"revision_history": [
{
"date": "2025-09-23T10:09:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-23T10:09:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product_id": "jenkins-0:2.516.3.1758302665-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302665-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1758303157-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product_id": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.516.3.1758302665-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1758303157-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch"
},
"product_reference": "jenkins-0:2.516.3.1758302665-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.516.3.1758302665-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src"
},
"product_reference": "jenkins-0:2.516.3.1758302665-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.15.1758303157-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-23T10:09:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16462"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.516.3.1758302665-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1758303157-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:16989
Vulnerability from csaf_redhat - Published: 2025-09-29 17:36 - Updated: 2026-04-23 04:15Summary
Red Hat Security Advisory: Red Hat Offline Knowledge Portal update
Severity
Important
Notes
Topic: Red Hat Offline Knowledge Portal update
Details: This is an update for the Red Hat Offline Knowledge portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as small fix for the CVE and Errata search applications that adds a trailing slash to search result links that removes an Apache redirect that automatically adds trailing slashes to URLs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Offline Knowledge Portal update",
"title": "Topic"
},
{
"category": "general",
"text": "This is an update for the Red Hat Offline Knowledge portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as small fix for the CVE and Errata search applications that adds a trailing slash to search result links that removes an Apache redirect that automatically adds trailing slashes to URLs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16989",
"url": "https://access.redhat.com/errata/RHSA-2025:16989"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-offline-knowledge-portal",
"url": "https://access.redhat.com/products/red-hat-offline-knowledge-portal"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5115",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-5115/",
"url": "https://access.redhat.com/security/cve/cve-2025-5115/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1.0"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16989.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Offline Knowledge Portal update",
"tracking": {
"current_release_date": "2026-04-23T04:15:13+00:00",
"generator": {
"date": "2026-04-23T04:15:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:16989",
"initial_release_date": "2025-09-29T17:36:18+00:00",
"revision_history": [
{
"date": "2025-09-29T17:36:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-29T17:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-23T04:15:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Offline Knowledge Portal 1.1.10",
"product": {
"name": "Red Hat Offline Knowledge Portal 1.1.10",
"product_id": "Red Hat Offline Knowledge Portal 1.1.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:offline_knowledge_portal:1.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Offline Knowledge Portal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3A31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78?arch=amd64\u0026repository_url=registry.redhat.io/offline-knowledge-portal\u0026tag=1.1.2-1759166862"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3A7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd?arch=arm64\u0026repository_url=registry.redhat.io/offline-knowledge-portal\u0026tag=1.1.2-1759166862"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64 as a component of Red Hat Offline Knowledge Portal 1.1.10",
"product_id": "Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64 as a component of Red Hat Offline Knowledge Portal 1.1.10",
"product_id": "Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.1.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-29T17:36:18+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command. A satellite subscription is required to download and use this product.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16989"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:31830a6c2976a2336f946569f10bd7d93d5a662666014e2be846311b12d2fa78_amd64",
"Red Hat Offline Knowledge Portal 1.1.10:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:7d3aed2d9f40ed84bf0b9fb71d336780a3668c0f9d29cc29ee7e11bccf7ef7bd_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
}
]
}
RHSA-2025:17567
Vulnerability from csaf_redhat - Published: 2025-10-08 14:48 - Updated: 2026-04-30 13:32Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update
Severity
Important
Notes
Topic: Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2025-5115) jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
* (CVE-2025-5115) jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
* (CVE-2025-5115) jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
* (CVE-2025-27533) activemq-openwire-legacy: ActiveMQ: Unvalidated Buffer Size Allocation
* (CVE-2025-58056) netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
* (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.13.2
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache ActiveMQ. This vulnerability allows denial of service by depleting process memory via unmarshalling OpenWire commands without proper size validation when not using mutual TLS connections.
4.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.13.2
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.13.2
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-5115) jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-5115) jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-5115) jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-27533) activemq-openwire-legacy: ActiveMQ: Unvalidated Buffer Size Allocation\n* (CVE-2025-58056) netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n* (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17567",
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#important",
"url": "https://access.redhat.com/security/updates/classification#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.2"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13"
},
{
"category": "external",
"summary": "2364684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364684"
},
{
"category": "external",
"summary": "2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "ENTMQBR-10093",
"url": "https://issues.redhat.com/browse/ENTMQBR-10093"
},
{
"category": "external",
"summary": "ENTMQBR-10099",
"url": "https://issues.redhat.com/browse/ENTMQBR-10099"
},
{
"category": "external",
"summary": "ENTMQBR-9917",
"url": "https://issues.redhat.com/browse/ENTMQBR-9917"
},
{
"category": "external",
"summary": "ENTMQBR-9921",
"url": "https://issues.redhat.com/browse/ENTMQBR-9921"
},
{
"category": "external",
"summary": "ENTMQBR-9932",
"url": "https://issues.redhat.com/browse/ENTMQBR-9932"
},
{
"category": "external",
"summary": "ENTMQBR-9933",
"url": "https://issues.redhat.com/browse/ENTMQBR-9933"
},
{
"category": "external",
"summary": "ENTMQBR-9934",
"url": "https://issues.redhat.com/browse/ENTMQBR-9934"
},
{
"category": "external",
"summary": "ENTMQBR-9936",
"url": "https://issues.redhat.com/browse/ENTMQBR-9936"
},
{
"category": "external",
"summary": "ENTMQBR-9947",
"url": "https://issues.redhat.com/browse/ENTMQBR-9947"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17567.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update",
"tracking": {
"current_release_date": "2026-04-30T13:32:52+00:00",
"generator": {
"date": "2026-04-30T13:32:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:17567",
"initial_release_date": "2025-10-08T14:48:34+00:00",
"revision_history": [
{
"date": "2025-10-08T14:48:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-08T14:48:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:32:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7.13.2",
"product": {
"name": "Red Hat AMQ Broker 7.13.2",
"product_id": "Red Hat AMQ Broker 7.13.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:43:44.656000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "RHBZ#2373310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-08T14:48:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2025-05-07T10:00:42.526701+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2364684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache ActiveMQ. This vulnerability allows denial of service by depleting process memory via unmarshalling OpenWire commands without proper size validation when not using mutual TLS connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27533"
},
{
"category": "external",
"summary": "RHBZ#2364684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27533"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/1",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg",
"url": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg"
}
],
"release_date": "2025-05-07T08:59:00.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-08T14:48:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-08T14:48:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17567"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
}
]
}
SUSE-SU-2025:02993-1
Vulnerability from csaf_suse - Published: 2025-09-01 14:04 - Updated: 2025-09-01 14:04Summary
Security update for jetty-minimal
Severity
Important
Notes
Title of the patch: Security update for jetty-minimal
Description of the patch: This update for jetty-minimal fixes the following issues:
Upgraded to version 9.4.58.v20250814:
- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)
Patchnames: SUSE-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2993,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2993,SUSE-Storage-7.1-2025-2993,openSUSE-SLE-15.6-2025-2993
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
138 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgraded to version 9.4.58.v20250814:\n- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2993,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2993,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2993,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2993,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2993,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2993,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2993,SUSE-Storage-7.1-2025-2993,openSUSE-SLE-15.6-2025-2993",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02993-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02993-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502993-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02993-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022294.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244252",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-09-01T14:04:07Z",
"generator": {
"date": "2025-09-01T14:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02993-1",
"initial_release_date": "2025-09-01T14:04:07Z",
"revision_history": [
{
"date": "2025-09-01T14:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-project-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-start-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Enterprise Storage 7.1:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.34.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T14:04:07Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
SUSE-SU-2025:02993-2
Vulnerability from csaf_suse - Published: 2025-09-01 14:04 - Updated: 2025-09-01 14:04Summary
Security update for jetty-minimal
Severity
Important
Notes
Title of the patch: Security update for jetty-minimal
Description of the patch: This update for jetty-minimal fixes the following issues:
Upgraded to version 9.4.58.v20250814:
- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)
Patchnames: SUSE-2025-2993,openSUSE-SLE-15.6-2025-2993
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpgraded to version 9.4.58.v20250814:\n- CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2993,openSUSE-SLE-15.6-2025-2993",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02993-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02993-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502993-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02993-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041479.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244252",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5115/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2025-09-01T14:04:07Z",
"generator": {
"date": "2025-09-01T14:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02993-2",
"initial_release_date": "2025-09-01T14:04:07Z",
"revision_history": [
{
"date": "2025-09-01T14:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.34.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-annotations-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-ant-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-cdi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-deploy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jaas-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jmx-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jndi-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-jsp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-openid-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-plus-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-project-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-proxy-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-servlets-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-start-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-webapp-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.58-150200.3.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
},
"product_reference": "jetty-xml-9.4.58-150200.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5115"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, versions \u003c=9.4.57, \u003c=10.0.25, \u003c=11.0.25, \u003c=12.0.21, \u003c=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory.\n\n\nFor example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal.\nPer specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame.\nThe client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time.\n\n\nThe attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame.\n\n\n\nLinks:\n\n\n\n * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5115",
"url": "https://www.suse.com/security/cve/CVE-2025-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-5115",
"url": "https://bugzilla.suse.com/1244252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:jetty-annotations-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-ant-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-cdi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-continuation-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-deploy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-fcgi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-http-spi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-io-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jaas-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-client-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-javax-websocket-server-impl-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jmx-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jndi-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-jsp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-openid-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-plus-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-project-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-proxy-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-quickstart-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-rewrite-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-security-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-servlets-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-start-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-util-ajax-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-webapp-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-api-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-client-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-common-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-javadoc-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-server-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-websocket-servlet-9.4.58-150200.3.34.1.noarch",
"openSUSE Leap 15.6:jetty-xml-9.4.58-150200.3.34.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-01T14:04:07Z",
"details": "important"
}
],
"title": "CVE-2025-5115"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…