{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T06:46:31.756","vulnerabilities":[{"cve":{"id":"CVE-2024-6763","sourceIdentifier":"emo@eclipse.org","published":"2024-10-14T16:15:04.163","lastModified":"2026-06-17T08:18:39.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI.  However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC.  Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks."},{"lang":"es","value":"Eclipse Jetty es un servidor web y motor de servlets basado en Java, ligero y altamente escalable. Incluye una clase de utilidad, HttpURI, para el análisis de URL/URL. La clase HttpURI realiza una validación insuficiente en el segmento de autoridad de una URI. Sin embargo, el comportamiento de HttpURI difiere de los navegadores comunes en cómo maneja una URI que se consideraría inválida si se validara completamente contra el RRC. Específicamente, HttpURI y el navegador pueden diferir en el valor del host extraído de una URI inválida y, por lo tanto, una combinación de Jetty y un navegador vulnerable puede ser vulnerable a un ataque de redireccionamiento abierto o a un ataque SSRF si la URI se usa después de pasar las verificaciones de validación."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Jetty","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2/","packageName":"org.eclipse.jetty:jetty-http","modules":["jetty-http"],"repo":"https://github.com/jetty/jetty.project","versions":[{"version":"7.0.0","lessThanOrEqual":"12.0.11","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"eclipse","product":"jetty","defaultStatus":"unaffected","cpes":["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"12.0.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-15T17:44:14.448650Z","id":"CVE-2024-6763","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1286"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"9.4.57","matchCriteriaId":"4171EAFD-7EFE-4CC9-8CAE-4DDE86D14A12"}]}]}],"references":[{"url":"https://github.com/jetty/jetty.project/pull/12012","source":"emo@eclipse.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh","source":"emo@eclipse.org","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/25","source":"emo@eclipse.org","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20250306-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}