CVE-2024-6763
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-6763 is a vulnerability affecting Eclipse Jetty, a popular Java-based web server and Servlet engine. The issue lies in the HttpURI utility class, which is responsible for URI/URL parsing. This class fails to adequately validate the authority segment of a URI, so Jetty and vulnerable browsers can interpret an invalid URI differently. When such a URI is passed along after it has already passed validation checks, an application built on Jetty may become exposed to open redirect or Server-Side Request Forgery (SSRF) attacks. Although the behavior of HttpURI differs from that of common browsers when handling such URIs, the combination of an unpatched Jetty installation and a vulnerable browser poses a significant security risk.
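The practical lesson of this advisory is that an application should not trust a redirect or outbound-request target merely because an upstream parser accepted it: the authority (userinfo, host, port) has to be re-validated with a strict parser and compared against an allowlist. The following is an added example written for this page, not Jetty's own code and not the fix shipped for CVE-2024-6763; the class name `RedirectTargetCheck`, the allowlist contents and the sample inputs are constructed assumptions. It uses the JDK's `java.net.URI`, which rejects syntactically invalid input outright, and then requires the parsed host and port to reproduce the raw authority exactly so that nothing the parser silently skipped can survive into the decision.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/** Defensive validation of a user-supplied redirect/request target (constructed example). */
public final class RedirectTargetCheck {

    // Constructed allowlist of hosts this application is permitted to send clients to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com", "sso.example.com");

    /**
     * Returns true only if {@code target} is a same-site relative path, or an absolute
     * http(s) URI whose authority parses cleanly to an allowlisted host with no userinfo.
     */
    public static boolean isSafeRedirectTarget(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        URI uri;
        try {
            // Strict parse: raw spaces, backslashes and other illegal characters throw here.
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }

        // Relative path: no scheme and no authority. Reject protocol-relative "//host" forms
        // and the "/\" variant that some lenient parsers normalize into an authority.
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            return target.startsWith("/") && !target.startsWith("//") && !target.startsWith("/\\");
        }

        // Absolute target: only http or https are acceptable.
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return false;
        }

        // The authority must have parsed as server-based (a host was identified). If
        // getHost() is null while an authority is present, the parser could not make
        // sense of it, which is exactly the ambiguous case to refuse.
        if (uri.getHost() == null) {
            return false;
        }

        // Userinfo has no legitimate role in a redirect target and is a common source of
        // parser disagreement about where the host actually starts.
        if (uri.getRawUserInfo() != null) {
            return false;
        }

        // Rebuild the authority from the parsed parts and require it to match the raw
        // authority, so the host we decide on is the host the bytes actually contain.
        String rebuilt = uri.getHost() + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
        if (!rebuilt.equalsIgnoreCase(uri.getRawAuthority())) {
            return false;
        }

        return ALLOWED_HOSTS.contains(uri.getHost().toLowerCase());
    }

    public static void main(String[] args) {
        // Constructed sample inputs; expected decision printed beside each.
        String[] samples = {
            "/account/settings",                  // relative path: accepted
            "https://app.example.com/dashboard",  // allowlisted host: accepted
            "https://app.example.com:8443/x",     // allowlisted host with explicit port: accepted
            "//other.example/",                   // protocol-relative, no scheme: rejected
            "https://app.example.com@other.example/", // userinfo present: rejected
            "https://other.example/"              // host not on the allowlist: rejected
        };
        for (String s : samples) {
            System.out.println((isSafeRedirectTarget(s) ? "ALLOW " : "REJECT") + "  " + s);
        }
    }
}
```

The authority-reconstruction step is the part that addresses the class of bug described above: rather than trusting whatever the first parser decided the host was, it requires the host and port it extracted to account for every byte of the authority segment, and refuses anything else. Wire the check in immediately before the `sendRedirect` or outbound HTTP call, after any earlier normalization, so it operates on the value that will actually be used.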