In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian9.0Eclipse Jetty
APPEclipse≤ 9.2.269.3.0 – 9.3.24 (bez)9.4.0 – 9.4.11 (bez)HP Xp P9000
HWHpwszystkie wersjeHP Xp P9000 Command View
APPHp8.4.0-00 – 8.6.2-00Netapp E Series Santricity Management
APPNetappwszystkie wersjeNetapp E Series Santricity Os Controller
APPNetapp11.0 – 11.50.1Netapp E Series Santricity Web Services
APPNetappwszystkie wersjeNetapp Hci Management Node
APPNetappwszystkie wersjeNetapp Hci Storage Node
APPNetappwszystkie wersjeNetapp Oncommand System Manager
APPNetapp3.0 – 3.1.3Netapp Oncommand Unified Manager For 7 Mode
APPNetappwszystkie wersjeNetapp Santricity Cloud Connector
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNetapp Snap Creator Framework
APPNetappwszystkie wersjeNetapp Snapmanager
APPNetappwszystkie wersjeNetapp Solidfire
APPNetappwszystkie wersjeNetapp Storage Services Connector
APPNetappwszystkie wersjeOracle Rest Data Services
APPOracle11.2.0.412.1.0.212.2.0.118cOracle Retail Xstore Payment
APPOracle3.3Oracle Retail Xstore Point Of Service
APPOracle15.016.017.07.1
Powiązane podatności
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki