How severe is CVE-2023-40167?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-40167?

This is classified as CWE-130, which is a common weakness in software security.

CVE-2023-40167 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.

Related Vulnerabilities

CVE-2022-20686

MEDIUM

CVSS:5.3(Medium)

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute ...

CWE-1302022

CVE-2022-3272

MEDIUM

CVSS:5.3(Medium)

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

CWE-1302022

CVE-2024-42460

MEDIUM

CVSS:5.3(Medium)

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.

CWE-1302024

CVE-2021-26329

MEDIUM

CVSS:5.5(Medium)

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.

CWE-1302021

CVE-2021-36373

MEDIUM

CVSS:5.5(Medium)

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used t...

CWE-1302021

CVE-2021-36374

MEDIUM

CVSS:5.5(Medium)

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Thi...

CWE-1302021