CVE

CVE-2017-7656

Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)

Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning.

Endor Patches

com.thoughtworks.xstream:xstream