Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.
2db5d62005c6515d8366be3e8c08c4df222e8620470f674dec2932c545737167
An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.
55eb430433523641ba5cf8b77fd53ad41657476cb305375f3e6a34c3ebb32cee
Jetty version 6.1.6 suffers from a cross site scripting vulnerability.
5a16f6df9887b8370e3580d8d5ebef0042e20e2a03a0475e679f35aa0a28c482
Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.
17f918c6ed7be55415f6475ca5befcbf2d795848bb2960612e998e54f15479d5
Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.
5f6bdd64a6596d46cbd0a5ae2448106b4656a8543eb8f07317ef5d4b92ae82d9
Mortbay Jetty versions 7.0.0-pre5 and below dispatcher servlet denial of service exploit.
f66271be2229a03b1932399b1b0b4487d492f57519db5138a2bb1f932b5197b8