[MAVEN:GHSA-6X9X-8QW9-9PP6] Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)

Severity Critical

Affected Packages 3

Fixed Packages 3

CVEs 1

Eclipse Jetty Server versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), are vulnerable to HTTP Request Smuggling when presented with two content-lengths headers, allowing authorization bypass. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decides on the shorter length, but still passes on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary is imposing authorization, the fake pipelined request bypasses that authorization.

Package	Affected Version
pkg:maven/org.eclipse.jetty/jetty-server	>= 9.4.0, < 9.4.11.v20180605
pkg:maven/org.eclipse.jetty/jetty-server	>= 9.3.0, < 9.3.24.v20180605
pkg:maven/org.eclipse.jetty/jetty-server	< 9.2.25.v20180606

Package	Fixed Version
pkg:maven/org.eclipse.jetty/jetty-server	= 9.4.11.v20180605
pkg:maven/org.eclipse.jetty/jetty-server	= 9.3.24.v20180605
pkg:maven/org.eclipse.jetty/jetty-server	= 9.2.25.v20180606

ID

MAVEN:GHSA-6X9X-8QW9-9PP6

Severity

critical

URL

https://github.com/advisories/GHSA-6x9x-8qw9-9pp6

Published

2018-10-19T16:16:38
(6 years ago)

Modified

2023-03-09T20:35:04
(18 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2017-7658
			https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
			https://github.com/advisories/GHSA-6x9x-8qw9-9pp6
			https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
			https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
			https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
			https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
			https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E
			https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E
			https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E
			https://security.netapp.com/advisory/ntap-20181014-0001/
			https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us
			https://www.debian.org/security/2018/dsa-4278
			https://www.oracle.com/security-alerts/cpuoct2020.html
			https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
			https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
			http://www.securityfocus.com/bid/106566
			http://www.securitytracker.com/id/1041194

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.eclipse.jetty/jetty-server	org.eclipse.jetty	jetty-server	>= 9.4.0 < 9.4.11.v20180605
Fixed	pkg:maven/org.eclipse.jetty/jetty-server	org.eclipse.jetty	jetty-server	= 9.4.11.v20180605
Affected	pkg:maven/org.eclipse.jetty/jetty-server	org.eclipse.jetty	jetty-server	>= 9.3.0 < 9.3.24.v20180605
Fixed	pkg:maven/org.eclipse.jetty/jetty-server	org.eclipse.jetty	jetty-server	= 9.3.24.v20180605
Affected	pkg:maven/org.eclipse.jetty/jetty-server	org.eclipse.jetty	jetty-server	< 9.2.25.v20180606
Fixed	pkg:maven/org.eclipse.jetty/jetty-server	org.eclipse.jetty	jetty-server	= 9.2.25.v20180606

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date