Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-2332 (GCVE-0-2026-2332)
Vulnerability from cvelistv5 – Published: 2026-04-14 10:59 – Updated: 2026-04-15 03:58
VLAI
EPSS
Title
HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Summary
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
* https://w4ke.info/2025/06/18/funky-chunks.html
* https://w4ke.info/2025/10/29/funky-chunks-2.html
Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error.
POST / HTTP/1.1
Host: localhost
Transfer-Encoding: chunked
1;ext="val
X
0
GET /smuggled HTTP/1.1
...
Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.
Severity
7.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-444 - Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/jetty/jetty.project/security/a… | third-party-advisory |
| https://gitlab.eclipse.org/security/cve-assignmen… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse Jetty |
Affected:
12.1.0 , ≤ 12.1.6
(semver)
Affected: 12.0.0 , ≤ 12.0.32 (semver) Affected: 11.0.0 , ≤ 11.0.27 (semver) Affected: 10.0.0 , ≤ 10.0.27 (semver) Affected: 9.4.0 , ≤ 9.4.59 (semver) |
Credits
https://github.com/xclow3n
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2332",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:12.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg://maven/org.eclipse.jetty/jetty-http",
"product": "Eclipse Jetty",
"repo": "https://github.com/jetty/jetty.project",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "12.1.6",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.32",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.27",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.4.59",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "https://github.com/xclow3n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/06/18/funky-chunks.html\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/10/29/funky-chunks-2.html\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJetty terminates chunk extension parsing at\u0026nbsp;\u003ccode\u003e\\r\\n\u003c/code\u003e\u0026nbsp;inside quoted strings instead of treating this as an error.\u003cbr\u003e\u003cbr\u003e\n\u003cpre\u003ePOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\u003c/pre\u003e\n\n\u003cdiv\u003e\u003cbr\u003eNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent interpretation of HTTP requests (\u0027HTTP Request/Response smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T10:59:10.193Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP Request Smuggling via Chunked Extension Quoted-String Parsing",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2026-2332",
"datePublished": "2026-04-14T10:59:10.193Z",
"dateReserved": "2026-02-11T09:56:25.879Z",
"dateUpdated": "2026-04-15T03:58:12.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2332",
"date": "2026-06-05",
"epss": "0.00021",
"percentile": "0.05994"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2332\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2026-04-14T12:16:21.333\",\"lastModified\":\"2026-05-01T13:31:00.310\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \\\"funky chunks\\\" techniques outlined here:\\n * https://w4ke.info/2025/06/18/funky-chunks.html\\n\\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\\n\\n\\nJetty terminates chunk extension parsing at\u00a0\\\\r\\\\n\u00a0inside quoted strings instead of treating this as an error.\\n\\n\\nPOST / HTTP/1.1\\nHost: localhost\\nTransfer-Encoding: chunked\\n\\n1;ext=\\\"val\\nX\\n0\\n\\nGET /smuggled HTTP/1.1\\n...\\n\\n\\n\\n\\n\\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.60\",\"matchCriteriaId\":\"E0FB149B-EF33-4A51-9B96-030899E250CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.28\",\"matchCriteriaId\":\"361D419A-7A89-439A-99B1-D34E9914BAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.28\",\"matchCriteriaId\":\"7020D8E5-61DD-4DB6-82E4-EA46A96838A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.33\",\"matchCriteriaId\":\"E1A6095F-3D1E-40CB-A875-D41BF6C73EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.7\",\"matchCriteriaId\":\"B5A32954-7B03-46B6-9956-54BE0F8477E8\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\",\"Mitigation\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignment/-/issues/89\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2332\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-14T13:06:34.622366Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T13:08:48.379Z\"}}], \"cna\": {\"title\": \"HTTP Request Smuggling via Chunked Extension Quoted-String Parsing\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"https://github.com/xclow3n\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/jetty/jetty.project\", \"vendor\": \"Eclipse Foundation\", \"product\": \"Eclipse Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.1.6\"}, {\"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.0.32\"}, {\"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.27\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}, {\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.59\"}], \"packageName\": \"pkg://maven/org.eclipse.jetty/jetty-http\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://gitlab.eclipse.org/security/cve-assignment/-/issues/89\", \"tags\": [\"issue-tracking\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \\\"funky chunks\\\" techniques outlined here:\\n * https://w4ke.info/2025/06/18/funky-chunks.html\\n\\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\\n\\n\\nJetty terminates chunk extension parsing at\\u00a0\\\\r\\\\n\\u00a0inside quoted strings instead of treating this as an error.\\n\\n\\nPOST / HTTP/1.1\\nHost: localhost\\nTransfer-Encoding: chunked\\n\\n1;ext=\\\"val\\nX\\n0\\n\\nGET /smuggled HTTP/1.1\\n...\\n\\n\\n\\n\\n\\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \\\"funky chunks\\\" techniques outlined here:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/06/18/funky-chunks.html\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/10/29/funky-chunks-2.html\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJetty terminates chunk extension parsing at\u0026nbsp;\u003ccode\u003e\\\\r\\\\n\u003c/code\u003e\u0026nbsp;inside quoted strings instead of treating this as an error.\u003cbr\u003e\u003cbr\u003e\\n\u003cpre\u003ePOST / HTTP/1.1\\nHost: localhost\\nTransfer-Encoding: chunked\\n\\n1;ext=\\\"val\\nX\\n0\\n\\nGET /smuggled HTTP/1.1\\n...\\n\u003c/pre\u003e\\n\\n\u003cdiv\u003e\u003cbr\u003eNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent interpretation of HTTP requests (\u0027HTTP Request/Response smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2026-04-14T10:59:10.193Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2332\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-15T03:58:12.322Z\", \"dateReserved\": \"2026-02-11T09:56:25.879Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2026-04-14T10:59:10.193Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:20568
Vulnerability from csaf_redhat - Published: 2026-05-26 01:50 - Updated: 2026-06-05 19:45Summary
Red Hat Security Advisory: jmc security update
Severity
Important
Notes
Topic: An update for jmc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments.
Security Fix(es):
* lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566)
* org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing (CVE-2026-2332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations.
7.5 (High)
Affected products
Threats
Impact
Important
A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access.
7.4 (High)
Affected products
Threats
Impact
Important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jmc is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments.\n\nSecurity Fix(es):\n\n* lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566)\n\n* org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing (CVE-2026-2332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20568",
"url": "https://access.redhat.com/errata/RHSA-2026:20568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2419500",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419500"
},
{
"category": "external",
"summary": "2458187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20568.json"
}
],
"title": "Red Hat Security Advisory: jmc security update",
"tracking": {
"current_release_date": "2026-06-05T19:45:13+00:00",
"generator": {
"date": "2026-06-05T19:45:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:20568",
"initial_release_date": "2026-05-26T01:50:24+00:00",
"revision_history": [
{
"date": "2026-05-26T01:50:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-26T01:50:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:45:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "jmc-0:8.2.0-19.el9_8.2.src",
"product": {
"name": "jmc-0:8.2.0-19.el9_8.2.src",
"product_id": "jmc-0:8.2.0-19.el9_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jmc@8.2.0-19.el9_8.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jmc-0:8.2.0-19.el9_8.2.x86_64",
"product": {
"name": "jmc-0:8.2.0-19.el9_8.2.x86_64",
"product_id": "jmc-0:8.2.0-19.el9_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jmc@8.2.0-19.el9_8.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jmc-0:8.2.0-19.el9_8.2.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src"
},
"product_reference": "jmc-0:8.2.0-19.el9_8.2.src",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jmc-0:8.2.0-19.el9_8.2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
},
"product_reference": "jmc-0:8.2.0-19.el9_8.2.x86_64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66566",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2025-12-05T19:00:50.134024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419500"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated IMPORTANT because it allows for information disclosure when Java-based decompressor implementations reuse output buffers without proper clearing, potentially exposing sensitive data via crafted compressed input. JNI-based implementations of lz4-java are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66566"
},
{
"category": "external",
"summary": "RHBZ#2419500",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419500"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66566"
},
{
"category": "external",
"summary": "https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840",
"url": "https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840"
},
{
"category": "external",
"summary": "https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q",
"url": "https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q"
}
],
"release_date": "2025-12-05T18:10:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T01:50:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing"
},
{
"cve": "CVE-2026-2332",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-04-14T12:01:05.768902+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to send a crafted payload to a Jetty server that is behind a reverse proxy or load balancer, specifically with a chunk extension that includes an unclosed double quote before the CRLF to trick the parser. This flaw allows an attacker to bypass security controls, cause cache poisoning or gain unauthorized endpoint access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2332"
},
{
"category": "external",
"summary": "RHBZ#2458187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89",
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
}
],
"release_date": "2026-04-14T10:59:10.193000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T01:50:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20568"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.src",
"CRB-9.8.0.Z.MAIN.EUS:jmc-0:8.2.0-19.el9_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing"
}
]
}
RHSA-2026:21773
Vulnerability from csaf_redhat - Published: 2026-05-28 22:46 - Updated: 2026-06-05 19:45Summary
Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update
Severity
Important
Notes
Topic: Red Hat Offline Knowledge Portal security fixes, bug fixes, enhancements & content update
Details: This Red Hat Offline Knowledge Portal release upgrades from Solr 9.8.1 to Solr 10.0.0, and fixes several CVEs. It also includes content updates as of May 26 2026.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers (URIs) differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process URIs, such as when a blacklist enforcement component interprets a URI differently from a response generation component. At a minimum, this issue could unintentionally reveal internal system details.
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access.
7.4 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle (MITM) attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security (TLS) with a nested <Ssl> element, and the attacker has a certificate from a trusted Certificate Authority (CA). The vulnerability stems from an incomplete hostname verification fix, making TLS connections susceptible to interception.
6.8 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed (CRLF) sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-based syslog services. An attacker could exploit this to inject malicious data into log files, potentially obscuring critical security events or manipulating system records.
5.8 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to index affected records. The primary consequence is a denial of service for log analysis, potentially hindering security monitoring and incident response.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML output becomes invalid. This can lead to two main issues: either systems processing these logs will fail to read the affected records, or the logging process itself will stop delivering events, both resulting in a denial of service for logging operations.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This invalid output can then lead to downstream systems rejecting or failing to index these logs, effectively causing a denial of service for log analysis.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Offline Knowledge Portal security fixes, bug fixes, enhancements \u0026 content update",
"title": "Topic"
},
{
"category": "general",
"text": "This Red Hat Offline Knowledge Portal release upgrades from Solr 9.8.1 to Solr 10.0.0, and fixes several CVEs. It also includes content updates as of May 26 2026.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21773",
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-offline-knowledge-portal",
"url": "https://access.redhat.com/products/red-hat-offline-knowledge-portal"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11143",
"url": "https://access.redhat.com/security/cve/CVE-2025-11143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2332",
"url": "https://access.redhat.com/security/cve/CVE-2026-2332"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34477",
"url": "https://access.redhat.com/security/cve/CVE-2026-34477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34478",
"url": "https://access.redhat.com/security/cve/CVE-2026-34478"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34479",
"url": "https://access.redhat.com/security/cve/CVE-2026-34479"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34480",
"url": "https://access.redhat.com/security/cve/CVE-2026-34480"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34481",
"url": "https://access.redhat.com/security/cve/CVE-2026-34481"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1",
"url": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21773.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update",
"tracking": {
"current_release_date": "2026-06-05T19:45:17+00:00",
"generator": {
"date": "2026-06-05T19:45:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:21773",
"initial_release_date": "2026-05-28T22:46:23+00:00",
"revision_history": [
{
"date": "2026-05-28T22:46:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-28T22:46:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:45:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Offline Knowledge Portal 1.2.4",
"product": {
"name": "Red Hat Offline Knowledge Portal 1.2.4",
"product_id": "Red Hat Offline Knowledge Portal 1.2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:offline_knowledge_portal:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Offline Knowledge Portal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3Aec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36?arch=amd64\u0026repository_url=registry.redhat.io/offline-knowledge-portal/rhokp-rhel9\u0026tag=1779996999"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"product": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhokp-rhel9@sha256%3Ab26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e?arch=arm64\u0026repository_url=registry.redhat.io/offline-knowledge-portal/rhokp-rhel9\u0026tag=1779996999"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64 as a component of Red Hat Offline Knowledge Portal 1.2.4",
"product_id": "Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64 as a component of Red Hat Offline Knowledge Portal 1.2.4",
"product_id": "Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
},
"product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64",
"relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11143",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-05T10:00:56.604564+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444808"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers (URIs) differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process URIs, such as when a blacklist enforcement component interprets a URI differently from a response generation component. At a minimum, this issue could unintentionally reveal internal system details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low by Red Hat. Successful usage of this vulnerability is non-trivial, as the attacker must be able to craft a URI that exploits Jetty\u0027s differential parsing while bypassing other parsers (ex. in a firewall or load balancer). Additionally, divulging implementation details is possible but not guaranteed while also being indirect, meaning that an attacker may be able to obtain error messages or behavioral differences, but those are not guaranteed. As such, there is likely no direct leak of sensitive data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11143"
},
{
"category": "external",
"summary": "RHBZ#2444808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh"
}
],
"release_date": "2026-03-05T09:26:59.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing"
},
{
"cve": "CVE-2026-2332",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-04-14T12:01:05.768902+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to send a crafted payload to a Jetty server that is behind a reverse proxy or load balancer, specifically with a chunk extension that includes an unclosed double quote before the CRLF to trick the parser. This flaw allows an attacker to bypass security controls, cause cache poisoning or gain unauthorized endpoint access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2332"
},
{
"category": "external",
"summary": "RHBZ#2458187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89",
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
}
],
"release_date": "2026-04-14T10:59:10.193000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing"
},
{
"cve": "CVE-2026-34477",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-10T16:01:36.691709+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle (MITM) attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security (TLS) with a nested \u003cSsl\u003e element, and the attacker has a certificate from a trusted Certificate Authority (CA). The vulnerability stems from an incomplete hostname verification fix, making TLS connections susceptible to interception.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34477"
},
{
"category": "external",
"summary": "RHBZ#2457319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34477",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34477"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/4075",
"url": "https://github.com/apache/logging-log4j2/pull/4075"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4",
"url": "https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4"
},
{
"category": "external",
"summary": "https://logging.apache.org/cyclonedx/vdr.xml",
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName",
"url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName"
},
{
"category": "external",
"summary": "https://logging.apache.org/security.html#CVE-2026-34477",
"url": "https://logging.apache.org/security.html#CVE-2026-34477"
}
],
"release_date": "2026-04-10T15:36:19.740000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification"
},
{
"cve": "CVE-2026-34478",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-04-10T16:01:52.683616+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed (CRLF) sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-based syslog services. An attacker could exploit this to inject malicious data into log files, potentially obscuring critical security events or manipulating system records.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows log injection via CRLF sequences due to silently renamed security attributes in Rfc5424Layout. This affects Red Hat products that directly configure Rfc5424Layout with stream-based syslog services, potentially enabling an attacker to obscure or manipulate log records. This impact is limited to specific configurations, as users of the SyslogAppender are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34478"
},
{
"category": "external",
"summary": "RHBZ#2457323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34478",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34478"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/4074",
"url": "https://github.com/apache/logging-log4j2/pull/4074"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt",
"url": "https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt"
},
{
"category": "external",
"summary": "https://logging.apache.org/cyclonedx/vdr.xml",
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout",
"url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout"
},
{
"category": "external",
"summary": "https://logging.apache.org/security.html#CVE-2026-34478",
"url": "https://logging.apache.org/security.html#CVE-2026-34478"
}
],
"release_date": "2026-04-10T15:40:17.713000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames"
},
{
"cve": "CVE-2026-34479",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2026-04-10T16:01:11.900823+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457313"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to index affected records. The primary consequence is a denial of service for log analysis, potentially hindering security monitoring and incident response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34479"
},
{
"category": "external",
"summary": "RHBZ#2457313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457313"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34479",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34479"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/4078",
"url": "https://github.com/apache/logging-log4j2/pull/4078"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on",
"url": "https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on"
},
{
"category": "external",
"summary": "https://logging.apache.org/cyclonedx/vdr.xml",
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html",
"url": "https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html"
},
{
"category": "external",
"summary": "https://logging.apache.org/security.html#CVE-2026-34479",
"url": "https://logging.apache.org/security.html#CVE-2026-34479"
}
],
"release_date": "2026-04-10T15:41:07.888000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping"
},
{
"cve": "CVE-2026-34480",
"cwe": {
"id": "CWE-168",
"name": "Improper Handling of Inconsistent Special Elements"
},
"discovery_date": "2026-04-10T16:02:17.024798+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457328"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML output becomes invalid. This can lead to two main issues: either systems processing these logs will fail to read the affected records, or the logging process itself will stop delivering events, both resulting in a denial of service for logging operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in Apache Log4j Core\u0027s XmlLayout component can lead to a denial of service in logging operations when log messages contain characters forbidden by the XML 1.0 specification. Systems processing these logs may fail to read records or the logging process may cease event delivery, impacting monitoring and auditing capabilities in affected Red Hat products. Red Hat products in their default configurations will be able to automatically recover, but some log messages may be lost.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34480"
},
{
"category": "external",
"summary": "RHBZ#2457328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457328"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/4077",
"url": "https://github.com/apache/logging-log4j2/pull/4077"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb",
"url": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb"
},
{
"category": "external",
"summary": "https://logging.apache.org/cyclonedx/vdr.xml",
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout",
"url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout"
},
{
"category": "external",
"summary": "https://logging.apache.org/security.html#CVE-2026-34480",
"url": "https://logging.apache.org/security.html#CVE-2026-34480"
}
],
"release_date": "2026-04-10T15:42:03.843000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging"
},
{
"cve": "CVE-2026-34481",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"discovery_date": "2026-04-10T16:01:44.581898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457321"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Log4j\u0027s JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This invalid output can then lead to downstream systems rejecting or failing to index these logs, effectively causing a denial of service for log analysis.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires an application to be configured with JsonTemplateLayout and to log attacker-controlled non-finite floating-point values within a MapMessage, which is not a default or common configuration in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34481"
},
{
"category": "external",
"summary": "RHBZ#2457321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34481",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34481"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/4080",
"url": "https://github.com/apache/logging-log4j2/pull/4080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n34zdv00gbkdbzt2rx9rf5mqz6lhopcv",
"url": "https://lists.apache.org/thread/n34zdv00gbkdbzt2rx9rf5mqz6lhopcv"
},
{
"category": "external",
"summary": "https://logging.apache.org/cyclonedx/vdr.xml",
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/manual/json-template-layout.html",
"url": "https://logging.apache.org/log4j/2.x/manual/json-template-layout.html"
},
{
"category": "external",
"summary": "https://logging.apache.org/security.html#CVE-2026-34481",
"url": "https://logging.apache.org/security.html#CVE-2026-34481"
}
],
"release_date": "2026-04-10T15:43:00.100000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T22:46:23+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:b26253f0a6c6b9e8c8458ecb07e79e9f87ff313491fffc31e342e32bce0a2b3e_arm64",
"Red Hat Offline Knowledge Portal 1.2.4:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:ec8b14b7a170b689a19cee7820888e81ddc3affc2faada6cc6139644f328bd36_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output"
}
]
}
RHSA-2026:22453
Vulnerability from csaf_redhat - Published: 2026-06-02 11:27 - Updated: 2026-06-03 11:38Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)
Severity
Important
Notes
Topic: An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Important.
Details: An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858)
* camel-infinispan-common: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858)
* camel-amqp: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860)
* camel-jms: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860)
* camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization [rhboac-camel-quarkus-3] (CVE-2026-6857)
* jetty-http: HTTP request smuggling via chunked extension quoted-string parsing [rhboac-camel-quarkus-3] (CVE-2026-2332)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of Apache Camel 4.18 for Quarkus 3.33
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_quarkus:3.33
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of Apache Camel 4.18 for Quarkus 3.33
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_quarkus:3.33
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitrary code execution within the application. This vulnerability stems from the component's use of java.io.ObjectInputStream without proper input filtering.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of Apache Camel 4.18 for Quarkus 3.33
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_quarkus:3.33
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service (JMS) ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message payload without proper validation. Successful exploitation could lead to remote code execution on the system consuming the message, provided a deserialization gadget chain is present on the classpath.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of Apache Camel 4.18 for Quarkus 3.33
Red Hat / Red Hat Build of Apache Camel
|
cpe:/a:redhat:apache_camel_quarkus:3.33
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
32 references
Acknowledgments
Innora Pte. Ltd.
Feng Ning
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Important.",
"title": "Topic"
},
{
"category": "general",
"text": "An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858)\n* camel-infinispan-common: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858)\n* camel-amqp: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860)\n* camel-jms: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860)\n* camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization [rhboac-camel-quarkus-3] (CVE-2026-6857)\n* jetty-http: HTTP request smuggling via chunked extension quoted-string parsing [rhboac-camel-quarkus-3] (CVE-2026-2332)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22453",
"url": "https://access.redhat.com/errata/RHSA-2026:22453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40858",
"url": "https://access.redhat.com/security/cve/CVE-2026-40858"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40860",
"url": "https://access.redhat.com/security/cve/CVE-2026-40860"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6857",
"url": "https://access.redhat.com/security/cve/CVE-2026-6857"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2332",
"url": "https://access.redhat.com/security/cve/CVE-2026-2332"
},
{
"category": "external",
"summary": "2458187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"
},
{
"category": "external",
"summary": "2460003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460003"
},
{
"category": "external",
"summary": "2463172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463172"
},
{
"category": "external",
"summary": "2463179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463179"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)",
"tracking": {
"current_release_date": "2026-06-03T11:38:39+00:00",
"generator": {
"date": "2026-06-03T11:38:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:22453",
"initial_release_date": "2026-06-02T11:27:09+00:00",
"revision_history": [
{
"date": "2026-06-02T11:27:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T11:27:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T11:38:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of Apache Camel 4.18 for Quarkus 3.33",
"product": {
"name": "Red Hat Build of Apache Camel 4.18 for Quarkus 3.33",
"product_id": "Red Hat Build of Apache Camel 4.18 for Quarkus 3.33",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_quarkus:3.33"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2332",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-04-14T12:01:05.768902+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to send a crafted payload to a Jetty server that is behind a reverse proxy or load balancer, specifically with a chunk extension that includes an unclosed double quote before the CRLF to trick the parser. This flaw allows an attacker to bypass security controls, cause cache poisoning or gain unauthorized endpoint access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2332"
},
{
"category": "external",
"summary": "RHBZ#2458187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2332"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89",
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
}
],
"release_date": "2026-04-14T10:59:10.193000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:27:09+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22453"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing"
},
{
"acknowledgments": [
{
"names": [
"Feng Ning"
],
"organization": "Innora Pte. Ltd."
}
],
"cve": "CVE-2026-6857",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has an Important impact on Red Hat products utilizing `camel-infinispan` for remote aggregation. The flaw stems from unsafe deserialization within the ProtoStream remote aggregation repository, which could lead to remote code execution. This affects Red Hat Enterprise Application Platform and Red Hat JBoss Fuse when configured to use `camel-infinispan`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6857"
},
{
"category": "external",
"summary": "RHBZ#2460003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6857"
}
],
"release_date": "2026-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:27:09+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22453"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization"
},
{
"cve": "CVE-2026-40858",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-04-27T10:01:35.538625+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463179"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitrary code execution within the application. This vulnerability stems from the component\u0027s use of java.io.ObjectInputStream without proper input filtering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40858"
},
{
"category": "external",
"summary": "RHBZ#2463179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40858"
},
{
"category": "external",
"summary": "https://camel.apache.org/security/CVE-2026-40858.html",
"url": "https://camel.apache.org/security/CVE-2026-40858.html"
}
],
"release_date": "2026-04-27T09:38:55.466000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:27:09+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data"
},
{
"cve": "CVE-2026-40860",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-04-27T10:01:11.044535+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463172"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service (JMS) ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message payload without proper validation. Successful exploitation could lead to remote code execution on the system consuming the message, provided a deserialization gadget chain is present on the classpath.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40860"
},
{
"category": "external",
"summary": "RHBZ#2463172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40860"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/26/10",
"url": "http://www.openwall.com/lists/oss-security/2026/04/26/10"
},
{
"category": "external",
"summary": "https://camel.apache.org/security/CVE-2026-40860.html",
"url": "https://camel.apache.org/security/CVE-2026-40860.html"
}
],
"release_date": "2026-04-27T08:03:19.616000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:27:09+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage"
}
]
}
SUSE-SU-2026:1751-1
Vulnerability from csaf_suse - Published: 2026-05-07 11:53 - Updated: 2026-05-07 11:53Summary
Security update for jetty-minimal
Severity
Important
Notes
Title of the patch: Security update for jetty-minimal
Description of the patch: This update for jetty-minimal fixes the following issues:
- CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the 'funky chunks' techniques (bsc#1262115).
- CVE-2026-5795: Fixed JaspiAuthenticator broken access control (bsc#1261997).
Patchnames: SUSE-2026-1751,SUSE-SLE-Module-Development-Tools-15-SP7-2026-1751,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1751,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1751,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1751,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1751,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1751,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1751,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1751,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1751,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1751,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1751
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\n- CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \u0027funky chunks\u0027 techniques (bsc#1262115).\n- CVE-2026-5795: Fixed JaspiAuthenticator broken access control (bsc#1261997).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1751,SUSE-SLE-Module-Development-Tools-15-SP7-2026-1751,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1751,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1751,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1751,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1751,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1751,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1751,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1751,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1751,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1751,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1751",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1751-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1751-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261751-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1751-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046292.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261997",
"url": "https://bugzilla.suse.com/1261997"
},
{
"category": "self",
"summary": "SUSE Bug 1262115",
"url": "https://bugzilla.suse.com/1262115"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2332 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5795 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5795/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2026-05-07T11:53:44Z",
"generator": {
"date": "2026-05-07T11:53:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1751-1",
"initial_release_date": "2026-05-07T11:53:44Z",
"revision_history": [
{
"date": "2026-05-07T11:53:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-annotations-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-annotations-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-ant-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-ant-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-cdi-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-cdi-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-client-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-client-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-continuation-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-continuation-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-deploy-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-deploy-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-fcgi-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-fcgi-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-http-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-http-spi-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-http-spi-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-io-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-jaas-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-jaas-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaspi-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-jaspi-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-jaspi-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-jmx-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-jmx-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-jndi-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-jndi-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-jsp-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-jsp-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-openid-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-openid-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-plus-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-plus-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-project-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-project-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-proxy-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-proxy-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-quickstart-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-quickstart-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-rewrite-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-rewrite-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-security-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-server-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-servlet-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-servlets-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-servlets-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-start-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-start-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-util-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-webapp-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-webapp-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-websocket-api-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-websocket-client-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-websocket-common-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-websocket-server-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.58-150200.3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.58-150200.3.40.1.noarch",
"product": {
"name": "jetty-xml-9.4.58-150200.3.40.1.noarch",
"product_id": "jetty-xml-9.4.58-150200.3.40.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-continuation-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-http-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-io-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-security-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-server-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-servlet-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2332"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at \\r\\n inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2332",
"url": "https://www.suse.com/security/cve/CVE-2026-2332"
},
{
"category": "external",
"summary": "SUSE Bug 1262115 for CVE-2026-2332",
"url": "https://bugzilla.suse.com/1262115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-07T11:53:44Z",
"details": "important"
}
],
"title": "CVE-2026-2332"
},
{
"cve": "CVE-2026-5795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5795"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5795",
"url": "https://www.suse.com/security/cve/CVE-2026-5795"
},
{
"category": "external",
"summary": "SUSE Bug 1261997 for CVE-2026-5795",
"url": "https://bugzilla.suse.com/1261997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:jetty-continuation-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:jetty-util-ajax-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-http-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-io-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-security-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-server-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-servlet-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-9.4.58-150200.3.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:jetty-util-ajax-9.4.58-150200.3.40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-07T11:53:44Z",
"details": "important"
}
],
"title": "CVE-2026-5795"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…