Vulnerability Identifier

CVE-2024-6763

2024-10-14

Severity Assessment

3.7

LOW

CVSS v3.x Score

Clinical Analysis (Description)

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.

The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI
differs from the common browsers in how it handles a URI that would be
considered invalid if fully validated against the RRC. Specifically HttpURI
and the browser may differ on the value of the host extracted from an
invalid URI and thus a combination of Jetty and a vulnerable browser may
be vulnerable to a open redirect attack or to a SSRF attack if the URI
is used after passing validation checks.

Vector Sequencing

Attack Parameters

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Impact Consequences

Technical Impact

Unchanged

Scope

None

Confidentiality

Low

Integrity

None

Availability

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Weakness Classification

CWE-CWE-1286

View CWE Details ↗

Affected Population

Affected Configurations

Total: 205 detected entries

Software List Scrollable

jetty

Vendor: eclipse • v9.3.4

jetty

Vendor: eclipse • v9.3.6

jetty

Vendor: eclipse • v7.6.2

jetty

Vendor: eclipse • v9.4.30

jetty

Vendor: eclipse • v9.4.8

jetty

Vendor: eclipse • v9.4.37

jetty

Vendor: eclipse • v9.3.7

jetty

Vendor: eclipse • v9.2.2

jetty

Vendor: eclipse • v9.1.0

jetty

Vendor: eclipse • v9.3.2

jetty

Vendor: eclipse • v9.4.7

jetty

Vendor: eclipse • v9.3.3

jetty

Vendor: eclipse • v7.1.4

jetty

Vendor: eclipse • v7.4.0

jetty

Vendor: eclipse • v9.0.7

jetty

Vendor: eclipse • v9.1.1

jetty

Vendor: eclipse • v8.0.3

jetty

Vendor: eclipse • v9.3.11

jetty

Vendor: eclipse • v9.3.5

jetty

Vendor: eclipse • v9.4.29

jetty

Vendor: eclipse • v8.1.3

jetty

Vendor: eclipse • v9.4.26

jetty

Vendor: eclipse • v7.1.3

jetty

Vendor: eclipse • v7.5.4

jetty

Vendor: eclipse • v9.4.11

jetty

Vendor: eclipse • v9.4.17

jetty

Vendor: eclipse • v7.6.16

jetty

Vendor: eclipse • v9.2.19

jetty

Vendor: eclipse • v9.4.12

jetty

Vendor: eclipse • v9.4.55

jetty

Vendor: eclipse • v9.0.0

jetty

Vendor: eclipse • v9.3.10

jetty

Vendor: eclipse • v9.0.1

jetty

Vendor: eclipse • v7.6.10

jetty

Vendor: eclipse • v9.4.47

jetty

Vendor: eclipse • v9.4.33

jetty

Vendor: eclipse • v7.5.1

jetty

Vendor: eclipse • v9.4.21

jetty

Vendor: eclipse • v9.4.9

jetty

Vendor: eclipse • v9.3.23

jetty

Vendor: eclipse • v8.1.12

jetty

Vendor: eclipse • v7.4.1

jetty

Vendor: eclipse • v9.3.8

jetty

Vendor: eclipse • v8.1.8

jetty

Vendor: eclipse • v9.3.24

jetty

Vendor: eclipse • v9.4.27

jetty

Vendor: eclipse • v9.4.3

jetty

Vendor: eclipse • v7.6.21

jetty

Vendor: eclipse • v9.4.40

jetty

Vendor: eclipse • v9.4.14

jetty

Vendor: eclipse • v7.4.4

jetty

Vendor: eclipse • v9.3.0

jetty

Vendor: eclipse • v9.2.6

jetty

Vendor: eclipse • v7.6.18

jetty

Vendor: eclipse • v9.3.9

jetty

Vendor: eclipse • v9.0.5

jetty

Vendor: eclipse • v9.2.23

jetty

Vendor: eclipse • v8.1.6

jetty

Vendor: eclipse • v9.3.17

jetty

Vendor: eclipse • v7.6.17

jetty

Vendor: eclipse • v8.2.0

jetty

Vendor: eclipse • v8.0.0

jetty

Vendor: eclipse • v7.1.0

jetty

Vendor: eclipse • v9.3.22

jetty

Vendor: eclipse • v9.3.21

jetty

Vendor: eclipse • v9.4.53

jetty

Vendor: eclipse • v9.4.24

jetty

Vendor: eclipse • v9.2.1

jetty

Vendor: eclipse • v9.4.19

jetty

Vendor: eclipse • v8.1.2

jetty

Vendor: eclipse • v7.6.3

jetty

Vendor: eclipse • v9.2.13

jetty

Vendor: eclipse • v9.4.43

jetty

Vendor: eclipse • v9.4.15

jetty

Vendor: eclipse • v7.1.2

jetty

Vendor: eclipse • v9.4.42

jetty

Vendor: eclipse • v7.6.9

jetty

Vendor: eclipse • v9.2.21

jetty

Vendor: eclipse • v7.1.5

jetty

Vendor: eclipse • v9.4.41

jetty

Vendor: eclipse • v9.4.10

jetty

Vendor: eclipse • v7.6.20

jetty

Vendor: eclipse • v8.1.18

jetty

Vendor: eclipse • v7.0.2

jetty

Vendor: eclipse • v8.0.1

jetty

Vendor: eclipse • v7.6.6

jetty

Vendor: eclipse • v9.3.25

jetty

Vendor: eclipse • v9.0.3

jetty

Vendor: eclipse • v9.4.4

jetty

Vendor: eclipse • v9.4.0

jetty

Vendor: eclipse • v8.1.20

jetty

Vendor: eclipse • v9.4.38

jetty

Vendor: eclipse • v9.4.20

jetty

Vendor: eclipse • v9.2.3

jetty

Vendor: eclipse • v8.1.11

jetty

Vendor: eclipse • v9.2.22

jetty

Vendor: eclipse • v7.6.13

jetty

Vendor: eclipse • v9.2.8

jetty

Vendor: eclipse • v9.3.1

jetty

Vendor: eclipse • v7.6.0

jetty

Vendor: eclipse • v9.4.52

jetty

Vendor: eclipse • v8.1.19

jetty

Vendor: eclipse • v8.1.13

jetty

Vendor: eclipse • v9.3.13

jetty

Vendor: eclipse • v9.4.48

jetty

Vendor: eclipse • v9.4.18

jetty

Vendor: eclipse • v9.2.12

jetty

Vendor: eclipse • v8.1.10

jetty

Vendor: eclipse • v9.1.2

jetty

Vendor: eclipse • v7.6.12

jetty

Vendor: eclipse • v9.3.14

jetty

Vendor: eclipse • v8.0.2

jetty

Vendor: eclipse • v9.4.23

jetty

Vendor: eclipse • v9.3.18

jetty

Vendor: eclipse • v9.4.2

jetty

Vendor: eclipse • v7.5.0

jetty

Vendor: eclipse • v9.0.4

jetty

Vendor: eclipse • v8.1.22

jetty

Vendor: eclipse • v9.2.28

jetty

Vendor: eclipse • v8.1.16

jetty

Vendor: eclipse • v7.6.8

jetty

Vendor: eclipse • v7.6.14

jetty

Vendor: eclipse • v9.0.2

jetty

Vendor: eclipse • v8.0.4

jetty

Vendor: eclipse • v9.2.24

jetty

Vendor: eclipse • v9.1.6

jetty

Vendor: eclipse • v9.4.1

jetty

Vendor: eclipse • v9.2.17

jetty

Vendor: eclipse • v8.1.4

jetty

Vendor: eclipse • v9.4.32

jetty

Vendor: eclipse • v9.4.16

jetty

Vendor: eclipse • v9.3.26

jetty

Vendor: eclipse • v9.2.25

jetty

Vendor: eclipse • v9.4.5

jetty

Vendor: eclipse • v9.4.51

jetty

Vendor: eclipse • v9.4.44

jetty

Vendor: eclipse • v8.1.17

jetty

Vendor: eclipse • v8.1.15

jetty

Vendor: eclipse • v9.2.7

jetty

Vendor: eclipse • v8.1.9

jetty

Vendor: eclipse • v9.2.11

jetty

Vendor: eclipse • v9.3.29

jetty

Vendor: eclipse • v9.1.3

jetty

Vendor: eclipse • v9.3.15

jetty

Vendor: eclipse • v9.2.15

jetty

Vendor: eclipse • v9.3.16

jetty

Vendor: eclipse • v9.4.25

jetty

Vendor: eclipse • v7.2.2

jetty

Vendor: eclipse • v9.2.18

jetty

Vendor: eclipse • v9.4.49

jetty

Vendor: eclipse • v7.1.6

jetty

Vendor: eclipse • v7.2.1

jetty

Vendor: eclipse • v7.6.19

jetty

Vendor: eclipse • v7.4.5

jetty

Vendor: eclipse • v8.1.21

jetty

Vendor: eclipse • v7.4.2

jetty

Vendor: eclipse • v9.4.31

jetty

Vendor: eclipse • v9.3.12

jetty

Vendor: eclipse • v9.1.4

jetty

Vendor: eclipse • v7.1.1

jetty

Vendor: eclipse • v7.6.4

jetty

Vendor: eclipse • v9.2.0

jetty

Vendor: eclipse • v9.4.46

jetty

Vendor: eclipse • v8.1.7

jetty

Vendor: eclipse • v7.2.0

jetty

Vendor: eclipse • v9.4.45

jetty

Vendor: eclipse • v7.3.0

jetty

Vendor: eclipse • v9.4.35

jetty

Vendor: eclipse • v7.6.5

jetty

Vendor: eclipse • v9.2.9

jetty

Vendor: eclipse • v7.6.1

jetty

Vendor: eclipse • v7.6.7

jetty

Vendor: eclipse • v9.2.14

jetty

Vendor: eclipse • v7.5.2

jetty

Vendor: eclipse • v9.1.5

jetty

Vendor: eclipse • v9.4.39

jetty

Vendor: eclipse • v9.4.13

jetty

Vendor: eclipse • v9.2.5

jetty

Vendor: eclipse • v9.4.6

jetty

Vendor: eclipse • v9.4.50

jetty

Vendor: eclipse • v9.2.27

jetty

Vendor: eclipse • v9.3.27

jetty

Vendor: eclipse • v9.3.19

jetty

Vendor: eclipse • v7.5.3

jetty

Vendor: eclipse • v8.1.1

jetty

Vendor: eclipse • v9.4.34

jetty

Vendor: eclipse • v7.4.3

jetty

Vendor: eclipse • v9.2.26

jetty

Vendor: eclipse • v7.6.11

jetty

Vendor: eclipse • v9.2.20

jetty

Vendor: eclipse • v8.1.5

jetty

Vendor: eclipse • v9.0.6

jetty

Vendor: eclipse • v9.2.16

jetty

Vendor: eclipse • v9.3.20

jetty

Vendor: eclipse • v9.4.36

jetty

Vendor: eclipse • v9.4.22

jetty

Vendor: eclipse • v7.6.15

jetty

Vendor: eclipse • v8.1.0

jetty

Vendor: eclipse • v7.0.1

jetty

Vendor: eclipse • v9.2.10

jetty

Vendor: eclipse • v7.0.0

jetty

Vendor: eclipse • v7.3.1

jetty

Vendor: eclipse • v8.1.14

jetty

Vendor: eclipse • v9.2.4

jetty

Vendor: eclipse • v9.4.28

Timeline

Time Line

PUBLICATION

14 Oct 2024

MODIFICATION

10 Jul 2025

FIRST PATCH

21 Apr 2026

Impact Statistics

Key Metrics

CVSS Score

3.7

LOW

Products

205

Affected

Patches

Available

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗

CVE Vulnerabilities

Posts & Pages

CVE-2024-6763

Attack Parameters

Technical Impact

CWE-CWE-1286

Affected Configurations

Time Line

Key Metrics

Recommended Solution

Immediate Action Plan

1. Inventory

2. Assessment

3. Mitigation

4. Verification