HIGH🇵🇱 Wersja polska

CVE-2026-2332

CVSS 7.4v3.1pub. 2026-04-14upd. 2026-07-02

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error. POST / HTTP/1.1 Host: localhost Transfer-Encoding: chunked 1;ext="val X 0 GET /smuggled HTTP/1.1 ... Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Eclipse Jetty

    APP
    Eclipse
    9.4.0 – 9.4.60 (bez)10.0.0 – 10.0.28 (bez)11.0.0 – 11.0.28 (bez)12.0.0 – 12.0.33 (bez)12.1.0 – 12.1.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-17638CRITICAL9.4ten sam produkt

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty ...

CVE-2017-7657CRITICAL9.8ten sam produkt

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration w...

CVE-2017-7658CRITICAL9.8ten sam produkt

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTT...

CVE-2016-4800CRITICAL9.8ten sam produkt

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows r...

CVE-2023-44487HIGH7.5⚠ KEVten sam produkt

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...