DEBIAN-CVE-2022-2047

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2022-2047

Downstream

DLA-3079-1 DSA-5198-1

Published: 07 Jul 2022, 21:15

Last modified:28 Apr 2026, 20:23

Vulnerability Summary

Overall Risk (default)

low

11/100

CVSS Score

2.7 LOW

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Jul 2022, 21:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:23

Last Modified

Vulnerability information updated

Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVSS Metrics

v3.1•LOW•Score: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Systems

debian•jetty9
< 9.4.39-3+deb11u1 | < 9.4.48-1 | < 9.4.48-1 | < 9.4.48-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2022-2047