How severe is CVE-2024-6763?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-6763?

This is classified as CWE-1286, which is a common weakness in software security.

CVE-2024-6763 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.

Related Vulnerabilities

CVE-2025-24348

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration fi...

CWE-12862025

CVE-2023-23903

MEDIUM

CVSS:4.9(Medium)

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return a...

CWE-12862023

CVE-2025-46419

MEDIUM

CVSS:5.9(Medium)

Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.

CWE-12862025

CVE-2020-16220

MEDIUM

CVSS:4.3(Medium)

In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain ...

CWE-12862020

CVE-2023-24015

MEDIUM

CVSS:4.3(Medium)

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be ...

CWE-12862023

CVE-2024-8772

MEDIUM

CVSS:4.3(Medium)

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overl...

CWE-12862024