VDB
CVE-2025-11143
CVE-2025-11143
PUBLISHED
CVSS 3.700000047683716 LOW
org.eclipse.jetty:jetty-http has different parsing of invalid URIs
EPSS 0.14% · 34.7th percentile
Risk Scores
CVSS v3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.14%
34.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| eclipse | jetty | 9.4.0, 12.0.0, 12.1.0 |
| Eclipse Foundation | Eclipse Jetty | 9.4.0, 10.0.0, 11.0.0 |
| Maven | org.eclipse.jetty:jetty-http | 9.4.0, 11.0.0, 12.0.0 |
Timeline
- Mar 5, 2026 CVE Published
- Mar 5, 2026 EPSS Score
- Mar 5, 2026 PoC Published
- Mar 6, 2026 EPSS Score
- Mar 6, 2026 CVE Updated
- Mar 7, 2026 EPSS Score
- Mar 9, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404 advisory
- https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh url
- https://nvd.nist.gov/vuln/detail/CVE-2025-11143 advisory
- https://github.com/jetty/jetty.project package
- https://github.com/user-attachments/files/22222625/Java.Eclipse.Jetty.Report_.Incorrect.Parsing.Priority.of.the.IPv6.Hostname.Delimeter.pdf url
- https://github.com/user-attachments/files/22222626/Java.Eclipse.Jetty.Report_.The.Parsing.Priority.of.the.Delimiter.pdf url
- https://github.com/user-attachments/files/22222627/Java.Eclipse.Jetty.Report_.Parsing.Difference.Due.to.Deformed.Scheme.pdf url
- https://github.com/user-attachments/files/22222630/Java.Eclipse.Jetty.Report_.Improper.IPv4-mapped.IPv6.Parsing.pdf url
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446 advisory
…and 23 more