Main Vulnerability Database SB2025081597

SB2025081597 - Anolis OS update for jetty

Published: August 15, 2025

Security Bulletin ID SB2025081597

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2022-2047)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when parsing invalid URIs such as http://localhost;/path. A remote attacker can pass specially crafted input to the application and bypass implemented security restrictions, as the Jetty's HttpClient, and Jetty's ProxyServlet / AsyncProxyServlet / AsyncMiddleManServlet will wrongly interpret an authority of such URI as the one with a hostname.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2025:0535

Vulnerable Software

Anolis OS: 23
jetty-xml: before 9.4.43-6
jetty-webapp: before 9.4.43-6
jetty-util-ajax: before 9.4.43-6
jetty-util: before 9.4.43-6
jetty-servlet: before 9.4.43-6
jetty-server: before 9.4.43-6
jetty-security: before 9.4.43-6
jetty-jmx: before 9.4.43-6
jetty-javadoc: before 9.4.43-6
jetty-jaas: before 9.4.43-6
jetty-io: before 9.4.43-6
jetty-http: before 9.4.43-6
jetty-continuation: before 9.4.43-6
jetty-client: before 9.4.43-6
jetty: before 9.4.43-6

SB2025081597 - Anolis OS update for jetty

Breakdown by Severity

Description

Remediation

References

Please verify you're human