UBUNTU-CVE-2022-2047

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2022-2047

Published: 07 Jul 2022, 21:15

Last modified:24 Oct 2025, 04:53

Vulnerability Summary

Overall Risk (default)

low

11/100

CVSS Score

2.7 LOW

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Jul 2022, 21:15

Published

Vulnerability first disclosed

24 Oct 2025, 04:53

Last Modified

Vulnerability information updated

Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVSS Metrics

v3.1•LOW•Score: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Systems

ubuntu•jetty
all | all
ubuntu•jetty8
all | all
ubuntu•jetty9
all | all | all | all

References (4)

https://ubuntu.com/security/CVE-2022-2047
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
https://github.com/eclipse/jetty.project/pull/8146
https://www.cve.org/CVERecord?id=CVE-2022-2047