wid-sec-w-2026-0611 · Published 2026-03-04 · View on BSI CERT-Bund ↗

Eclipse Jetty: Vulnerability allows Umgehen from Sicherheitsvorkehrungen

CVSS 3.7 LOW

Risk Summary

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

CVEs (1)

CVE-2025-11143

Affected Vendors

Eclipse SUSE

Affected Products (4)

Eclipse · Jetty <12.0.31

Eclipse · Jetty 12.0.31

Eclipse · Jetty <12.1.5

Eclipse · Jetty 12.1.5

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more