wid-sec-w-2025-0987
Vulnerability from csaf_certbund
Published
2025-05-08 22:00
Modified
2025-08-06 22:00
Summary
Eclipse Jetty: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um Daten zu manipulieren oder einen Denial-of-Service auszulösen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um Daten zu manipulieren oder einen Denial-of-Service auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0987 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0987.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0987 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0987"
},
{
"category": "external",
"summary": "jetty-announce vom 2025-05-08",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00197.html"
},
{
"category": "external",
"summary": "jetty GitHub vom 2025-05-08",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"category": "external",
"summary": "jetty-announce vom 2025-05-08",
"url": "https://www.eclipse.org/lists/jetty-announce/msg00198.html"
},
{
"category": "external",
"summary": "jetty GitHub vom 2025-05-08",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7696 vom 2025-05-15",
"url": "https://access.redhat.com/errata/RHSA-2025:7696"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15160-1 vom 2025-05-27",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01738-1 vom 2025-05-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ULIFKC3HN46CWW5I3UU5DGUJKMLM6UC/"
},
{
"category": "external",
"summary": "PDFreactor 12.2 release notes vom 2025-06-17",
"url": "https://www.pdfreactor.com/pdfreactor-12-2-now-available/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9697 vom 2025-06-26",
"url": "https://access.redhat.com/errata/RHSA-2025:9697"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9922 vom 2025-06-30",
"url": "https://access.redhat.com/errata/RHSA-2025:9922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10118 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10097 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10097"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10098 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10120 vom 2025-07-02",
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10092 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10092"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10104 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10119 vom 2025-07-01",
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - July 15 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-july-15-2025-1590658642.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12511 vom 2025-08-03",
"url": "https://access.redhat.com/errata/RHSA-2025:12511"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13274 vom 2025-08-06",
"url": "https://access.redhat.com/errata/RHSA-2025:13274"
}
],
"source_lang": "en-US",
"title": "Eclipse Jetty: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-06T22:00:00.000+00:00",
"generator": {
"date": "2025-08-07T08:50:24.400+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0987",
"initial_release_date": "2025-05-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-01T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.3",
"product": {
"name": "Atlassian Bamboo \u003c11.0.3",
"product_id": "T045447"
}
},
{
"category": "product_version",
"name": "11.0.3",
"product": {
"name": "Atlassian Bamboo 11.0.3",
"product_id": "T045447-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:11.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c10.2.6 (LTS)",
"product_id": "T045448"
}
},
{
"category": "product_version",
"name": "10.2.6 (LTS)",
"product": {
"name": "Atlassian Bamboo 10.2.6 (LTS)",
"product_id": "T045448-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.6_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.6.15 (LTS)",
"product_id": "T045449"
}
},
{
"category": "product_version",
"name": "9.6.15 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.6.15 (LTS)",
"product_id": "T045449-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.15_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4.57",
"product": {
"name": "Eclipse Jetty \u003c9.4.57",
"product_id": "T043523"
}
},
{
"category": "product_version",
"name": "9.4.57",
"product": {
"name": "Eclipse Jetty 9.4.57",
"product_id": "T043523-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:9.4.57"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.17",
"product": {
"name": "Eclipse Jetty \u003c12.0.17",
"product_id": "T043524"
}
},
{
"category": "product_version",
"name": "12.0.17",
"product": {
"name": "Eclipse Jetty 12.0.17",
"product_id": "T043524-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:eclipse:jetty:12.0.17"
}
}
}
],
"category": "product_name",
"name": "Jetty"
}
],
"category": "vendor",
"name": "Eclipse"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.2",
"product": {
"name": "RealObjects PDFreactor \u003c12.2",
"product_id": "T044675"
}
},
{
"category": "product_version",
"name": "12.2",
"product": {
"name": "RealObjects PDFreactor 12.2",
"product_id": "T044675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.2"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Camel for Spring Boot 1",
"product": {
"name": "Red Hat Integration Camel for Spring Boot 1",
"product_id": "T035240",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_for_spring_boot_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version",
"name": "Developer Tools and Services 4.14",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.14",
"product_id": "T031233",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.14"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.16",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.16",
"product_id": "T044977",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.16"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.17",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.17",
"product_id": "T044978",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.17"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.18",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.18",
"product_id": "T044979",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.18"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.15",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.15",
"product_id": "T044980",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.15"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.13",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.13",
"product_id": "T044981",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.13"
}
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.12",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.12",
"product_id": "T044982",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.12"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T031233",
"67646",
"T035240",
"T044675",
"T045448",
"T043523",
"T045447",
"T002207",
"T044977",
"T045449",
"T044979",
"T044978",
"T027843",
"T044980",
"T044982",
"T044981"
]
},
"release_date": "2025-05-08T22:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-1948",
"product_status": {
"known_affected": [
"T031233",
"67646",
"T035240",
"T044675",
"T045448",
"T045447",
"T002207",
"T044977",
"T043524",
"T045449",
"T044979",
"T044978",
"T027843",
"T044980",
"T044982",
"T044981"
]
},
"release_date": "2025-05-08T22:00:00.000+00:00",
"title": "CVE-2025-1948"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…