CVE-2022-2047
LOW
Eclipse Jetty 9.4.0-9.4.46, 10.0.0-10.0.9, 11.0.0-11.0.9 - Improper Input Validation in HttpURI Authority Parsing
Title source: llm
Description
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.
References (4)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5198
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220901-0006/
Scores
CVSS v3
2.7
EPSS
0.0057
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (9)
debian/debian_linux
10.0
debian/debian_linux
11.0
eclipse/jetty
< 9.4.46
netapp/element_plug-in_for_vcenter_server
netapp/hci_compute_node
netapp/management_services_for_element_software_and_netapp_hci
netapp/snapcenter
netapp/solidfire_\&_hci_storage_node
org.eclipse.jetty/jetty-http
0 - 9.4.47 (Maven)
Published
Jul 07, 2022
Tracked Since
Feb 18, 2026