SB2026050517 - IBM Control Center update for Eclipse Jetty

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026050517

SB2026050517 - IBM Control Center update for Eclipse Jetty

Published: May 5, 2026

Security Bulletin ID SB2026050517
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2026-2332)

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to inject arbitrary HTTP requests.

The vulnerability exists due to inconsistent interpretation of HTTP requests in the chunked transfer encoding extension parser when parsing quoted strings in HTTP/1.1 chunked transfer encoding extension values. A remote attacker can send a specially crafted chunked HTTP request to inject arbitrary HTTP requests.

The issue occurs because CRLF sequences inside quoted strings are treated as chunk header terminators instead of parsing errors.


Remediation

Install update from vendor's website.

References