7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%
Eclipse Jetty is used by IBM Sterling Connect:Direct for UNIX in product management. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in Eclipse Jetty. IBM Sterling Connect:Direct for UNIX has upgraded Eclipse Jetty to version 9.4.53 to address the issues.
CVEID:CVE-2023-36478
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268413 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-44487
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-40167
**DESCRIPTION:**Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-36479
**DESCRIPTION:**Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the org.eclipse.jetty.servlets.CGI Servlet. A remote authenticated attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266435 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N)
CVEID:CVE-2023-41900
**DESCRIPTION:**Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested LoginService. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266185 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Connect:Direct for UNIX | 6.0.0.0 - 6.0.0.2.iFix158 |
IBM Sterling Connect:Direct for UNIX | 6.1.0.0 - 6.1.0.4.iFix098 |
IBM Sterling Connect:Direct for UNIX | 6.2.0.0 - 6.2.0.7.iFix004 |
IBM Sterling Connect:Direct for UNIX | 6.3.0.0 - 6.3.0.2.iFix004 |
IBM strongly recommends addressing the vulnerability now by upgrading
Product | Version | Remediation/Fix/Instructions |
---|---|---|
IBM Sterling Connect:Direct for UNIX | 6.3.0 | Apply 6.3.0.2.iFix005, available on Fix Central. |
IBM Sterling Connect:Direct for UNIX | 6.2.0 | Apply 6.2.0.7.iFix005, available on Fix Central. |
IBM Sterling Connect:Direct for UNIX | 6.1.0 | Apply 6.1.0.4.iFix099, available on Fix Central. |
IBM Sterling Connect:Direct for UNIX | 6.0.0 | Apply 6.0.0.2.iFix159, available on Fix Central. |
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%