CVE-2023-40167 - Jetty HTTP/1 Header Parsing Vulnerability Explained
Jetty is a popular Java-based web server and servlet engine used in millions of applications, both for development and production purposes. In 2023, a
CVE-2023-36479 - How Jetty's CGI Servlet Bug Lets Hackers Run Rogue Commands
Published: April 2024
What is CVE-2023-36479?
CVE-2023-36479 is a serious security flaw discovered in Eclipse Jetty, a widely used open-source
CVE-2023-1108 - Denial-of-Service in Undertow via SSL Handshake Infinite Loop
A newly discovered vulnerability, CVE-2023-1108, affects the Undertow web server. This server is widely used behind application servers like WildFly and JBoss. This
CVE-2023-42503 - Exploiting Improper Input Validation in Apache Commons Compress (TAR Parsing) for Denial of Service
In late 2023, security researchers identified a Denial of Service (DoS) vulnerability in Apache Commons Compress library, affecting versions between 1.22 through 1.23.
CVE-2023-4785 - Exploiting Error Handling Flaws in Google's gRPC TCP Server for Large-Scale Denial of Service (DoS) Attacks
In 2023, a vulnerability identified as CVE-2023-4785 was disclosed in Google’s gRPC library. If you’re using gRPC C++, Python, or Ruby
Episode
00:00:00
00:00:00