An IT security alert update for a known vulnerability has been issued for Eclipse Jetty. You can check which products are affected by the security hole here at news.de.
The Federal Office for Information Security (BSI) issued an update on May 16, 2024 concerning the Eclipse Jetty security vulnerability that has been known since November 29, 2020. The security vulnerability affects the Linux, UNIX and Windows operating systems and the products Debian Linux, Red Hat Enterprise Linux, SUSE Linux, Hitachi Ops Center and Eclipse Jetty.
The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: IBM Security Bulletin 7153639 (from 17 May 2024). Some useful sources are listed later in this article.
Eclipse Jetty security notice – Risk: medium
Risk level: 3 (medium)
CVSS Base Score: 4.8
CVSS Temporal Score: 4.2
Remote attack possible: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to prioritize countermeasures. The ratings "none", "low", "medium", "high" and "critical" are used to express the severity level of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges and user interaction) and its consequences. Temporal scores additionally take into account changes in the risk situation over time. According to CVSS, the current vulnerability threat is rated "medium" with a base score of 4.8.
Eclipse Jetty bug: The vulnerability allows spoofing
Eclipse Jetty is a Java HTTP server and Java servlet container.
A remote, unknown attacker could exploit a vulnerability in Eclipse Jetty to take control of data.
The vulnerability has been classified using the CVE (Common Vulnerabilities and Exposures) naming system under the identifier CVE-2020-27218.
Systems affected by the security hole at a glance
Operating systems
- Linux, UNIX, Windows
Products
- Debian Linux (cpe:/o:debian:debian_linux)
- Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
- SUSE Linux (cpe:/o:suse:suse_linux)
- Hitachi Ops Center (cpe:/a:hitachi:ops_center)
- Eclipse Jetty
General steps for dealing with IT security gaps
- Users of affected systems should keep them up to date. When security holes become known, vendors are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
- For information, see the sources listed in the next section. These often contain further details about the latest version of the software in question and the availability of security patches or performance tips.
- If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the specified sources to see whether a new security update is available.
Sources for updates, patches and workarounds
Here you will find some links with information about bug reports, security fixes and workarounds.
- IBM Security Bulletin 7153639 of 2024-05-17 (16.05.2024)
- Debian Security Advisory DLA-3641 of 2023-10-30 (30.10.2023)
- Hitachi Risk Information HITACHI-SEC-2022-115 of 2022-05-27 (26.05.2022)
- Red Hat Security Advisory RHSA-2022:1029 of 2022-03-23 (22.03.2022)
- Red Hat Security Advisory RHSA-2021:4767 of 2021-11-23 (23.11.2021)
- Red Hat Security Advisory RHSA-2021:2430 of 2021-07-02 (01.07.2021)
- Red Hat Security Advisory RHSA-2021:2517 of 2021-06-30 (30.06.2021)
- Red Hat Security Advisory RHSA-2021:2499 of 2021-06-29 (28.06.2021)
- Red Hat Security Advisory RHSA-2021:0417 of 2021-02-04 (04.02.2021)
- Red Hat Security Advisory RHSA-2021:0329 of 2021-02-02 (01.02.2021)
- SUSE Security Update SUSE-SU-2020:3922-1 of 2020-12-22 (22.12.2020)
- Eclipse Bugzilla of 2020-11-29 (29.11.2020)
Version history of this security alert
This is version 12 of this Eclipse Jetty IT security notice. If further updates are announced, this document will be updated. You can check changes or additions in this version history.
- November 29, 2020 – First version
- December 22, 2020 – New updates from SUSE added
- February 1, 2021 – New updates from Red Hat added
- February 4, 2021 – New updates from Red Hat added
- June 28, 2021 – New updates from Red Hat added
- June 30, 2021 – New updates from Red Hat added
- July 1, 2021 – New updates from Red Hat added
- November 23, 2021 – New updates from Red Hat added
- March 22, 2022 – New updates from Red Hat added
- May 26, 2022 – New updates from HITACHI added
- October 30, 2023 – New updates from Debian added
- May 16, 2024 – New updates from IBM added
+++ Editorial note: This document is based on current BSI data and will be updated on the basis of that data as the status of the alert changes. We welcome suggestions and comments at [email protected]. +++