Product
Eclipse Jetty: Multiple Vulnerabilities Including Arbitrary Code Execution
2 TTPsAn authenticated remote attacker can exploit multiple vulnerabilities in Eclipse Jetty to achieve arbitrary code execution, bypass security measures, or perform an HTTP cache poisoning attack, necessitating immediate patching and enhanced monitoring of Jetty instances.
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPsThis rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Eclipse Jetty JASPIAuthenticator ThreadLocal Privilege Escalation (CVE-2026-5795)
2 rules 1 TTP 1 CVEEclipse Jetty is vulnerable to broken access control and privilege escalation due to improper handling of ThreadLocal variables within the JASPIAuthenticator, potentially leading to unauthorized access.