DEBIAN-CVE-2025-11143

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-11143
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-11143
Upstream
Published
2026-03-05T10:15:54.680Z
Modified
2026-03-09T02:11:05.812857Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

References

Affected packages

Debian:11
jetty9

Package

Name
jetty9
Purl
pkg:deb/debian/jetty9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*
9.4.39-3
9.4.39-3+deb11u1
9.4.39-3+deb11u2
9.4.44-1
9.4.44-2
9.4.44-3
9.4.44-4
9.4.45-1
9.4.46-1
9.4.48-1
9.4.49-1
9.4.49-1.1
9.4.50-1~bpo11+1
9.4.50-1
9.4.50-2
9.4.50-3
9.4.50-4
9.4.50-4+deb11u1
9.4.50-4+deb11u2
9.4.51-1
9.4.51-2
9.4.52-1
9.4.53-1
9.4.54-1
9.4.55-1
9.4.56-1
9.4.57-0+deb11u1
9.4.57-0+deb11u2
9.4.57-0+deb11u3
9.4.57-1
9.4.57-1.1~deb12u1
9.4.57-1.1~deb13u1
9.4.57-1.1
9.4.58-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json"
Debian:12
jetty9

Package

Name
jetty9
Purl
pkg:deb/debian/jetty9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*
9.4.50-4
9.4.50-4+deb12u1
9.4.50-4+deb12u2
9.4.50-4+deb12u3
9.4.51-1
9.4.51-2
9.4.52-1
9.4.53-1
9.4.54-1
9.4.55-1
9.4.56-1
9.4.57-0+deb12u1
9.4.57-1
9.4.57-1.1~deb12u1
9.4.57-1.1~deb13u1
9.4.57-1.1
9.4.58-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json"
Debian:13
jetty12

Package

Name
jetty12
Purl
pkg:deb/debian/jetty12?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

12.*
12.0.17-3
12.0.17-3.1~deb13u1
12.0.17-3.1
12.0.32-1
12.0.32-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json"
jetty9

Package

Name
jetty9
Purl
pkg:deb/debian/jetty9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*
9.4.57-1
9.4.57-1.1~deb12u1
9.4.57-1.1~deb13u1
9.4.57-1.1
9.4.58-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json"
Debian:14
jetty12

Package

Name
jetty12
Purl
pkg:deb/debian/jetty12?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.32-1

Affected versions

12.*
12.0.17-3
12.0.17-3.1~deb13u1
12.0.17-3.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json"
jetty9

Package

Name
jetty9
Purl
pkg:deb/debian/jetty9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*
9.4.57-1
9.4.57-1.1~deb12u1
9.4.57-1.1~deb13u1
9.4.57-1.1
9.4.58-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11143.json"