{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T15:32:27.907","vulnerabilities":[{"cve":{"id":"CVE-2017-7658","sourceIdentifier":"emo@eclipse.org","published":"2018-06-26T17:29:00.210","lastModified":"2024-11-21T03:32:23.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization."},{"lang":"es","value":"En Eclipse Jetty Server, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones que no sean HTTP/1.x) y versiones 9.4.x (todas las configuraciones HTTP/1.x), cuando se presentan con dos cabeceras content-lengths, Jetty ignora la segunda. Cuando se presenta con una cabecera de cifrado fragmentada y otra content-length, esta última fue ignorada (según RFC 2616). Si un intermediario se decide por el tamaño más pequeño, pero se sigue pasando como el cuerpo más grande, el contenido del cuerpo podría ser interpretado por Jetty como petición pipelined. Si el intermediario impone la autorización, la petición pipelined falsa omitiría dicha autorización."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionEndIncluding":"9.2.26","matchCriteriaId":"486E784F-1FC5-42AA-B144-EDBE5FE9B993"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.3.24","matchCriteriaId":"C513260A-7AD7-44C2-97F0-167B5819475E"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"9.4.11","matchCriteriaId":"5A720480-0A8A-48FE-85FE-6973DAB7A7D5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*","matchCriteriaId":"36FC547E-861A-418C-A314-DA09A457B13A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*","matchCriteriaId":"DF9FEE51-50E3-41E9-AA0D-272A640F85CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*","matchCriteriaId":"E69E905F-2E1A-4462-9082-FF7B10474496"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*","matchCriteriaId":"0F9B692C-8986-4F91-9EF4-2BB1E3B5C133"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_payment:3.3:*:*:*:*:*:*:*","matchCriteriaId":"8FBA1229-8AC0-4E6F-9F31-AB647160FB15"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","matchCriteriaId":"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*","matchCriteriaId":"11DA6839-849D-4CEF-85F3-38FE75E07183"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*","matchCriteriaId":"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*","matchCriteriaId":"55AE3629-4A66-49E4-A33D-6D81CC94962F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*","versionStartIncluding":"8.4.0-00","versionEndIncluding":"8.6.2-00","matchCriteriaId":"3C209829-7941-4B64-89CA-0220804B6163"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:xp_p9000:-:*:*:*:*:*:*:*","matchCriteriaId":"1CC9BC28-72E9-4D53-B388-6A8AB7CFD22E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF77086-43C1-44DB-A574-61A9A3DD1220"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"11.50.1","matchCriteriaId":"F5F95A41-A496-481C-A906-E0307AC1EA63"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*","matchCriteriaId":"680ECEAE-D73F-47D2-8AF8-7704469CF3EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_storage_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3246A7D-243B-415A-827D-C5D7F62AFE19"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.1.3","matchCriteriaId":"B9273745-6408-4CD3-94E8-9385D4F5FE69"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager_for_7-mode:-:*:*:*:*:*:*:*","matchCriteriaId":"D774A4A1-3D1E-4C31-B876-97BEA9E95027"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","matchCriteriaId":"AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*","matchCriteriaId":"9F4754FB-E3EB-454A-AB1A-AE3835C5350C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","matchCriteriaId":"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*","matchCriteriaId":"26A2B713-7D6D-420A-93A4-E0D983C983DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:storage_services_connector:-:*:*:*:*:*:*:*","matchCriteriaId":"C27762B9-8042-429B-B714-3B3A17B2842A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106566","source":"emo@eclipse.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041194","source":"emo@eclipse.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669","source":"emo@eclipse.org","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E","source":"emo@eclipse.org"},{"url":"https://security.netapp.com/advisory/ntap-20181014-0001/","source":"emo@eclipse.org","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us","source":"emo@eclipse.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4278","source":"emo@eclipse.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"emo@eclipse.org"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"emo@eclipse.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","source":"emo@eclipse.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"emo@eclipse.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/106566","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041194","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20181014-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4278","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}