Back to CVE List

CVE-2025-11143

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.7 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-20
Source
NVD
Vendor
Eclipse Foundation
Product
Eclipse Jetty

External References

Discussion (0)

Add Comment

No comments yet. Be the first!