CVE-2023-40167— Jetty accepts "+" prefixed value in Content-Length
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-40167
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jetty accepts "+" prefixed value in Content-Length
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
长度参数不一致性处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Jetty 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 存在安全漏洞,该漏洞源于拒绝请求并返回400响应。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| eclipse | jetty.project | >= 9.0.0, <= 9.4.51 | - |
II. Public POCs for CVE-2023-40167
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/uthrasri/Jetty-v9.4.31_CVE-2023-40167- | POC Details |
| 2 | None | https://github.com/uthrasri/Jetty-v9.4.31_CVE-2023-40167 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-40167
请登录查看更多情报信息。
- https://www.rfc-editor.org/rfc/rfc9110#section-8.6x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2023-40167
Same Patch Batch · eclipse · 2023-09-15 · 3 CVEs total
| CVE-2023-41900 | 3.5 LOW | Jetty's OpenId Revoked authentication allows one request |
| CVE-2023-36479 | 3.5 LOW | Jetty vulnerable to errant command quoting in CGI Servlet |
IV. Related Vulnerabilities
Same product: jetty.project
- CVE-2024-22201
Jetty connection leaking on idle timeout when TCP congested - CVE-2023-36478
HTTP/2 HPACK integer overflow and buffer allocation - CVE-2023-41900
Jetty's OpenId Revoked authentication allows one request - CVE-2023-36479
Jetty vulnerable to errant command quoting in CGI Servlet - CVE-2023-26049
Cookie parsing of quoted values can exfiltrate values from o
Same weakness: CWE-130
- CVE-2026-5766
Potential denial-of-service vulnerability in ASGI requests v - CVE-2026-33846
Gnutls: gnutls: denial of service via heap buffer overflow i - CVE-2026-3868
Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞 - CVE-2026-5265
Ovn: ovn: heap over-read in icmp error response generation - - CVE-2026-5367
Ovn: ovn: information disclosure via crafted dhcpv6 packets
V. Comments for CVE-2023-40167
No comments yet