WID-SEC-W-2023-1009
Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2025-05-29 22:00Summary
Eclipse Jetty: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1009 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1009.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1009 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1009"
},
{
"category": "external",
"summary": "Eclipse Security Advisory vom 2023-04-18",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00176.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6995451 vom 2023-05-18",
"url": "https://www.ibm.com/support/pages/node/6995451"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20230526-0001 vom 2023-05-26",
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7001787 vom 2023-06-07",
"url": "https://www.ibm.com/support/pages/node/7001787"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2539-1 vom 2023-06-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015228.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7014917 vom 2023-08-01",
"url": "https://www.ibm.com/support/pages/node/7014917"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5507 vom 2023-09-29",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00200.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3592 vom 2023-09-30",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5441 vom 2023-10-04",
"url": "https://access.redhat.com/errata/RHSA-2023:5441"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7067421 vom 2023-11-07",
"url": "https://www.ibm.com/support/pages/node/7067421"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7067416 vom 2023-11-07 vom 2023-11-06",
"url": "https://www.ibm.com/support/pages/node/7067416"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7070740 vom 2023-11-16",
"url": "https://www.ibm.com/support/pages/node/7070740"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7082766 vom 2023-11-28",
"url": "https://www.ibm.com/support/pages/node/7082766"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7638 vom 2023-12-05",
"url": "https://access.redhat.com/errata/RHSA-2023:7638"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7641 vom 2023-12-05",
"url": "https://access.redhat.com/errata/RHSA-2023:7641"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7639 vom 2023-12-05",
"url": "https://access.redhat.com/errata/RHSA-2023:7639"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05",
"url": "https://access.redhat.com/errata/RHSA-2023:7637"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7099297 vom 2023-12-18",
"url": "https://www.ibm.com/support/pages/node/7099297"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0804 vom 2024-02-13",
"url": "https://access.redhat.com/errata/RHSA-2024:0804"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0799 vom 2024-02-14",
"url": "https://access.redhat.com/errata/RHSA-2024:0799"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
"url": "https://www.ibm.com/support/pages/node/7153639"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3385 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3385"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156278 vom 2024-06-03",
"url": "https://www.ibm.com/support/pages/node/7156278"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2024-2756 vom 2024-11-02",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25087"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235064 vom 2025-05-29",
"url": "https://www.ibm.com/support/pages/node/7235064"
}
],
"source_lang": "en-US",
"title": "Eclipse Jetty: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-29T22:00:00.000+00:00",
"generator": {
"date": "2025-05-30T09:12:24.350+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1009",
"initial_release_date": "2023-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2023-06-06T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-07-31T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-01T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-10-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-06T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-16T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-11-27T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-12-04T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-18T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-02-11T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "23"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1a",
"product_id": "T038317"
}
},
{
"category": "product_version",
"name": "2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1a",
"product_id": "T038317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.15",
"product": {
"name": "Eclipse Jetty \u003c11.0.15",
"product_id": "T027452"
}
},
{
"category": "product_version",
"name": "11.0.15",
"product": {
"name": "Eclipse Jetty 11.0.15",
"product_id": "T027452-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:11.0.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.15",
"product": {
"name": "Eclipse Jetty \u003c10.0.15",
"product_id": "T027453"
}
},
{
"category": "product_version",
"name": "10.0.15",
"product": {
"name": "Eclipse Jetty 10.0.15",
"product_id": "T027453-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:10.0.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.51",
"product": {
"name": "Eclipse Jetty \u003c9.4.51",
"product_id": "T027454"
}
},
{
"category": "product_version",
"name": "9.4.51",
"product": {
"name": "Eclipse Jetty 9.4.51",
"product_id": "T027454-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.51"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cAnalyzer 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
"product_id": "T030196"
}
},
{
"category": "product_version",
"name": "Analyzer 10.9.3-00",
"product": {
"name": "Hitachi Ops Center Analyzer 10.9.3-00",
"product_id": "T030196-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:analyzer_10.9.3-00"
}
}
},
{
"category": "product_version_range",
"name": "\u003cViewpoint 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
"product_id": "T030197"
}
},
{
"category": "product_version",
"name": "Viewpoint 10.9.3-00",
"product": {
"name": "Hitachi Ops Center Viewpoint 10.9.3-00",
"product_id": "T030197-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:viewpoint_10.9.3-00"
}
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003cinterim fix DT213400",
"product": {
"name": "IBM Business Automation Workflow \u003cinterim fix DT213400",
"product_id": "T027778"
}
},
{
"category": "product_version",
"name": "interim fix DT213400",
"product": {
"name": "IBM Business Automation Workflow interim fix DT213400",
"product_id": "T027778-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:interim_fix_dt213400"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"category": "product_name",
"name": "IBM Integration Bus",
"product": {
"name": "IBM Integration Bus",
"product_id": "T011169",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1.3",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.3",
"product_id": "1234217",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
}
}
},
{
"category": "product_version",
"name": "7.6.1",
"product": {
"name": "IBM Maximo Asset Management 7.6.1",
"product_id": "389168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version",
"name": "8.10.x",
"product": {
"name": "IBM Operational Decision Manager 8.10.x",
"product_id": "T027827",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.10.x"
}
}
},
{
"category": "product_version",
"name": "8.11.x",
"product": {
"name": "IBM Operational Decision Manager 8.11.x",
"product_id": "T027828",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11.x"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.3.2.6",
"product": {
"name": "IBM Rational Change \u003c5.3.2.6",
"product_id": "T028986"
}
},
{
"category": "product_version",
"name": "5.3.2.6",
"product": {
"name": "IBM Rational Change 5.3.2.6",
"product_id": "T028986-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_change:5.3.2.6"
}
}
}
],
"category": "product_name",
"name": "Rational Change"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for Linux",
"product": {
"name": "NetApp ActiveIQ Unified Manager for Linux",
"product_id": "T023548",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_linux"
}
}
},
{
"category": "product_version",
"name": "for Microsoft Windows",
"product": {
"name": "NetApp ActiveIQ Unified Manager for Microsoft Windows",
"product_id": "T025631",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
}
}
}
],
"category": "product_name",
"name": "ActiveIQ Unified Manager"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform",
"product_id": "T003085",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26048",
"product_status": {
"known_affected": [
"T038317",
"67646",
"T011169",
"389168",
"T030196",
"T030197",
"T022954",
"T023548",
"T027827",
"T027828",
"2951",
"T002207",
"444803",
"T019704",
"T025631",
"T027778",
"T028986",
"1234217",
"T027454",
"T003085",
"T027452",
"T027453"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-26048"
},
{
"cve": "CVE-2023-26049",
"product_status": {
"known_affected": [
"T038317",
"67646",
"T011169",
"389168",
"T030196",
"T030197",
"T022954",
"T023548",
"T027827",
"T027828",
"2951",
"T002207",
"444803",
"T019704",
"T025631",
"T027778",
"T028986",
"1234217",
"T027454",
"T003085",
"T027452",
"T027453"
]
},
"release_date": "2023-04-18T22:00:00.000+00:00",
"title": "CVE-2023-26049"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…