Jetty Security Reports

Reporting Security Issues

There are several avenues for reporting security issues to the Jetty project. If the issue is directly related to Jetty itself, then reporting to the Jetty developers is encouraged. The most direct method is to mail security@webtide.com. Because Webtide is made up of the active committers of the Jetty project, this is our preferred reporting method. We are generally flexible in how we work with reporters of security issues, but we reserve the right to act in the interests of the Jetty project in all circumstances.

If the issue is related to Eclipse or its Jetty integration, then we encourage you to reach out to security@eclipse.org.

If the issue is related to integrations with Jetty, we are happy to work with you to identify the proper entity, and either of the approaches above is fine.

We prefer that security issues are reported directly to the Jetty developers rather than through GitHub Issues, since GitHub Issues has no facility to tag issues as private.

For more information on the process by which we handle security issues, please refer to this guide.

Jetty Security Reports

The following sections provide information about Jetty security issues.

Table 1. Resolved Issues

| Date | ID | Exploit | Severity | Affects | Fixed Version |
|---|---|---|---|---|---|
| 2024/02/26 | CVE-2024-22201 | Low | High | <=9.4.53, <=10.0.19, <=11.0.19, <=12.0.5 | 9.4.54, 10.0.20, 11.0.20, 12.0.6 |
| 2023/04/18 | CVE-2023-26049 | Low | Low | <=9.4.50, <=10.0.13, <=11.0.13, <=12.0.0.alpha3 | 9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0 |
| 2023/04/18 | CVE-2023-26048 | Med | Med | <=9.4.50, <=10.0.13, <=11.0.13 | 9.4.51, 10.0.14, 11.0.14 |
| 2022/07/05 | CVE-2022-2191 | Med | High | <= 10.0.9, <= 11.0.9 | 10.0.10, 11.0.10 |
| 2022/07/05 | CVE-2022-2047 | Low | Low | <= 9.4.46, <= 10.0.9, <= 11.0.9 | 9.4.47, 10.0.10, 11.0.10 |
| 2022/07/05 | CVE-2022-2048 | Med | High | <= 9.4.46, <= 10.0.9, <= 11.0.9 | 9.4.47, 10.0.10, 11.0.10 |
| 2021/07/15 | CVE-2021-34429 | Med | Med | 9.4.37 - 9.4.42, 10.0.1 - 10.0.5, 11.0.1 - 11.0.5 | 9.4.43, 10.0.6, 11.0.6 |
| 2021/06/22 | CVE-2021-34428 | Low | Low | <= 9.4.40, <= 10.0.2, <= 11.0.2 | 9.4.41, 10.0.3, 11.0.3 |
| 2021/06/08 | CVE-2021-28169 | Med | Med | <= 9.4.40, <= 10.0.2, <= 11.0.2 | 9.4.41, 10.0.3, 11.0.3 |
| 2021/04/01 | CVE-2021-28165 | Med | High | 7.2.2 - 9.4.38, 10.0.0.alpha0 - 10.0.1, 11.0.0.alpha0 - 11.0.1 | 9.4.39, 10.0.2, 11.0.2 |
| 2021/04/01 | CVE-2021-28164 | Med | Med | 9.4.37, 9.4.38 | 9.4.39 |
| 2021/04/01 | CVE-2021-28163 | Med | Med | 9.4.32 - 9.4.38, 10.0.0.beta2 - 10.0.1, 11.0.0.beta2 - 11.0.1 | 9.4.39, 10.0.2, 11.0.2 |
| 2021/02/26 | CVE-2020-27223 | Med | Med | 9.4.6.v20170531 - 9.4.36.v20210114, 10.0.0, 11.0.0 | 9.4.37, 10.0.1, 11.0.1 |
| 2020/11/17 | CVE-2020-27218 | Med | Med | 9.4.0.RC0 - 9.4.34, 10.0.0.alpha0 - 10.0.0.beta2, 11.0.0.alpha0 - 11.0.0.beta2 | 9.4.35, 10.0.0.beta3, 11.0.0.beta3 |
| 2020/10/19 | CVE-2020-27216 | Med | High | <= 9.4.32 | 9.3.29, 9.4.33 |
| 2020/07/09 | CVE-2019-17638 | Med | High | >= 9.4.27, <= 9.4.29 | 9.4.30 |
| 2019/11/25 | CVE-2019-17632 | Med | Med | >= 9.4.21, <= 9.4.23 | 9.4.24 |
| 2019/08/13 | CVE-2019-9518 | Med | Med | <= 9.4.20 | 9.4.21 |
| 2019/08/13 | CVE-2019-9516 | Med | Med | <= 9.4.20 | 9.4.21 |
| 2019/08/13 | CVE-2019-9515 | Med | Med | <= 9.4.20 | 9.4.21 |
| 2019/08/13 | CVE-2019-9514 | Med | Med | <= 9.4.20 | 9.4.21 |
| 2019/08/13 | CVE-2019-9512 | Low | Low | <= 9.4.20 | 9.4.21 |
| 2019/08/13 | CVE-2019-9511 | Low | Low | <= 9.4.20 | 9.4.21 |
| 2019/04/11 | CVE-2019-10247 | Med | Med | <= 9.4.16 | 9.2.28, 9.3.27, 9.4.17 |
| 2019/04/11 | CVE-2019-10246 | High | High | <= 9.4.16 | 9.2.28, 9.3.27, 9.4.17 |
| 2019/04/11 | CVE-2019-10241 | High | High | <= 9.4.15 | 9.2.27, 9.3.26, 9.4.16 |
| 2018/06/25 | CVE-2018-12538 | High | High | >= 9.4.0, <= 9.4.8 | 9.4.9 |
| 2018/06/25 | CVE-2018-12536 | High | See CWE-202 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 |
| 2018/06/25 | CVE-2017-7658 | See CWE-444 | See CWE-444 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 |
| 2018/06/25 | CVE-2017-7657 | See CWE-444 | See CWE-444 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 |
| 2018/06/25 | CVE-2017-7656 | See CWE-444 | See CWE-444 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 |
| 2016/05/31 | CVE-2016-4800 | high | high | >= 9.3.0, <= 9.3.8 | 9.3.9 |
| 2015/02/24 | CVE-2015-2080 | high | high | >=9.2.3 <9.2.9 | 9.2.9 |
| 2011/12/29 | CVE-2011-4461 | high | medium | All versions | 7.6.0.RCO |
| 2009/11/05 | CVE-2009-3555 | medium | high | JVM 1.6u19 | 7.01, 6.1.22 |
| 2007/12/22 | CVE-2007-6672 | high | medium | 6.1.rc0-6.1.6 | 6.1.7 |
| 2007/11/05 | CVE-2007-5614 | low | low | <6.1.6 | 6.1.6rc1 |
| 2007/11/05 | CVE-2007-5613 | low | low | 6.1.6 | 6.1.6rc0 |
| 2007/11/03 | CVE-2007-5615 | medium | medium | <6.1.6 | 6.1.6rc0 |
| 2006/11/22 | CVE-2006-6969 | low | high | <6.1.0, <6.0.2, <5.1.12, <4.2.27 | 6.1.0pre3, 6.0.2, 5.1.12, 4.2.27 |
| 2006/06/01 | CVE-2006-2759 | medium | medium | <6.0.*, <6.0.0Beta17 | 6.0.0Beta17 |
| 2005/11/18 | CVE-2006-2758 | medium | medium | <5.1.6 | 5.1.6, 6.0.0Beta4 |