IT Security: The IT security vulnerability in Eclipse Jetty is high risk! Alert receives an update

by admin
As the BSI reports, an IT security alert about a known Eclipse Jetty vulnerability has received an update. You can read which products are affected by the vulnerability here at news.de.

The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3354 (as of 24 May 2024). Some useful resources are listed later in this article.

Eclipse Jetty Security Advisory – Risk: High

Risk level: 4 (high)
CVSS Base Score: 7.5
CVSS Temporal Score: 7.2
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various metrics in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity level of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, conditions that may change over time are taken into account in the assessment. According to CVSS, the current vulnerability is rated "high" with a Base Score of 7.5.

Eclipse Jetty Bug: Multiple vulnerabilities allow a denial of service

Eclipse Jetty is a Java HTTP server and Java servlet container.

A remote, anonymous attacker could exploit multiple vulnerabilities in Eclipse Jetty to carry out a denial-of-service attack.

The vulnerabilities are tracked under the unique CVE (Common Vulnerabilities and Exposures) identifiers CVE-2023-36478 and CVE-2023-44487.

Products affected by the vulnerability at a glance

Products
IBM Security Guardium 11.3 (cpe:/a:ibm:security_guardium)
Eclipse Jetty
Debian Linux (cpe:/o:debian:debian_linux)
IBM Maximo Asset Management 7.6.1 (cpe:/a:ibm:maximo_asset_management)
IBM Security Guardium 10.6 (cpe:/a:ibm:security_guardium)
IBM InfoSphere Information Server 11.7 (cpe:/a:ibm:infosphere_information_server)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
IBM Integration Bus (cpe:/a:ibm:integration_bus)
IBM QRadar SIEM 7.5 (cpe:/a:ibm:qradar_siem)
Atlassian Confluence 8.5 (cpe:/a:atlassian:confluence)
Dell NetWorker vProxy
Atlassian Confluence

General steps for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security vulnerabilities become known, vendors are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further details about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check whenever the vendor makes a new security update available.

Sources for updates, patches and workarounds

Here you will find some links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3354 dated 2024-05-24 (23.05.2024)
IBM Security Bulletin 7152890 dated 2024-05-16 (16.05.2024)
Atlassian Security Advisory (19.03.2024)
DELL Security Update (28.01.2024)
IBM Security Bulletin 7108700 dated 2024-01-17 (17.01.2024)
Atlassian Security Advisory CONFSERVER-93826 dated 2024-01-03 (02.01.2024)
IBM Security Bulletin 7099297 dated 2023-12-18 (18.12.2023)
IBM Security Bulletin 7070763 dated 2023-11-29 (28.11.2023)
Debian Security Advisory DLA-3656 dated 2023-11-19 (19.11.2023)
Red Hat Security Advisory RHSA-2023:7247 dated 2023-11-16 (15.11.2023)
IBM Security Bulletin 7076824 dated 2023-11-15 (15.11.2023)
Debian Security Advisory DSA-5540 dated 2023-10-30 (30.10.2023)
Debian Security Advisory DLA-3641 dated 2023-10-30 (30.10.2023)
SUSE Security Update SUSE-SU-2023:4210-1 dated 2023-10-26 (26.10.2023)
Eclipse Jetty release dated 2023-10-10 (10.10.2023)

Version history of this security alert

This is version 13 of this IT security notice for Eclipse Jetty. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

October 10, 2023 – Initial version
October 26, 2023 – New updates from SUSE added
October 30, 2023 – New updates from Debian added
November 15, 2023 – New updates from IBM and Red Hat added
November 19, 2023 – New updates from Debian added
November 28, 2023 – New updates from IBM added
December 18, 2023 – New updates from IBM added
January 2, 2024 – New updates from Atlassian added
January 17, 2024 – New updates from IBM added
January 28, 2024 – New updates from Dell added
March 19, 2024 – New updates from Atlassian added
May 16, 2024 – New updates from IBM added
May 23, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
