CVE-2022-2047 — LOW (2.7) — White Hats Nepal

Q: How severe is CVE-2022-2047?

CVE-2022-2047 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-2047?

Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Jetty, Debian Debian Linux, Netapp Element Plug-In For Vcenter Server, Netapp Management Services For Element Software And Netapp Hci, Netapp Snapcenter.

Vulnerability Description

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Eclipse	Jetty	< 9.4.46
Debian	Debian Linux	10.0
Netapp	Element Plug-In For Vcenter Server	-
Netapp	Management Services For Element Software And Netapp Hci	-
Netapp	Snapcenter	-
Netapp	Solidfire \& Hci Storage Node	-
Netapp	Hci Compute Node	-

Related Weaknesses (CWE)

CWE-20

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7qPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0006/Third Party Advisory
https://www.debian.org/security/2022/dsa-5198Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7qPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0006/Third Party Advisory
https://www.debian.org/security/2022/dsa-5198Third Party Advisory

FAQ

What is CVE-2022-2047?

CVE-2022-2047 is a vulnerability with a CVSS score of 2.7 (LOW). In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly det...

How severe is CVE-2022-2047?

CVE-2022-2047 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2047?

Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Jetty, Debian Debian Linux, Netapp Element Plug-In For Vcenter Server, Netapp Management Services For Element Software And Netapp Hci, Netapp Snapcenter.