{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2332", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2026-02-11T09:56:25.879Z", "datePublished": "2026-04-14T10:59:10.193Z", "dateUpdated": "2026-04-15T03:58:12.322Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-04-14T10:59:10.193Z"}, "title": "HTTP Request Smuggling via Chunked Extension Quoted-String Parsing", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-444", "description": "CWE-444 Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling')", "type": "CWE"}]}], "affected": [{"vendor": "Eclipse Foundation", "product": "Eclipse Jetty", "collectionURL": "https://repo.maven.apache.org/maven2", "packageName": "pkg://maven/org.eclipse.jetty/jetty-http", "repo": "https://github.com/jetty/jetty.project", "versions": [{"status": "affected", "version": "12.1.0", "lessThanOrEqual": "12.1.6", "versionType": "semver"}, {"status": "affected", "version": "12.0.0", "lessThanOrEqual": "12.0.32", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThanOrEqual": "11.0.27", "versionType": "semver"}, {"status": "affected", "version": "10.0.0", "lessThanOrEqual": "10.0.27", "versionType": "semver"}, {"status": "affected", "version": "9.4.0", "lessThanOrEqual": "9.4.59", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:<br><ul><li><span>https://w4ke.info/2025/06/18/funky-chunks.html</span><br></li><li><span>https://w4ke.info/2025/10/29/funky-chunks-2.html</span></li></ul>Jetty terminates chunk extension parsing at&nbsp;<code>\\r\\n</code>&nbsp;inside quoted strings instead of treating this as an error.<br><br>\n<pre>POST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n</pre>\n\n<div><br>Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.<br></div>"}]}], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "credits": [{"lang": "en", "value": "https://github.com/xclow3n", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-2332"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:58:12.322Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2332", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T13:06:34.622366Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:08:48.379Z"}}], "cna": {"title": "HTTP Request Smuggling via Chunked Extension Quoted-String Parsing", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "https://github.com/xclow3n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/jetty/jetty.project", "vendor": "Eclipse Foundation", "product": "Eclipse Jetty", "versions": [{"status": "affected", "version": "12.1.0", "versionType": "semver", "lessThanOrEqual": "12.1.6"}, {"status": "affected", "version": "12.0.0", "versionType": "semver", "lessThanOrEqual": "12.0.32"}, {"status": "affected", "version": "11.0.0", "versionType": "semver", "lessThanOrEqual": "11.0.27"}, {"status": "affected", "version": "10.0.0", "versionType": "semver", "lessThanOrEqual": "10.0.27"}, {"status": "affected", "version": "9.4.0", "versionType": "semver", "lessThanOrEqual": "9.4.59"}], "packageName": "pkg://maven/org.eclipse.jetty/jetty-http", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89", "tags": ["issue-tracking"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.", "supportingMedia": [{"type": "text/html", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:<br><ul><li><span>https://w4ke.info/2025/06/18/funky-chunks.html</span><br></li><li><span>https://w4ke.info/2025/10/29/funky-chunks-2.html</span></li></ul>Jetty terminates chunk extension parsing at&nbsp;<code>\\r\\n</code>&nbsp;inside quoted strings instead of treating this as an error.<br><br>\n<pre>POST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n</pre>\n\n<div><br>Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.<br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling')"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-04-14T10:59:10.193Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2332", "state": "PUBLISHED", "dateUpdated": "2026-04-15T03:58:12.322Z", "dateReserved": "2026-02-11T09:56:25.879Z", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "datePublished": "2026-04-14T10:59:10.193Z", "assignerShortName": "eclipse"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0FB149B-EF33-4A51-9B96-030899E250CC", "versionEndExcluding": "9.4.60", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "361D419A-7A89-439A-99B1-D34E9914BAE8", "versionEndExcluding": "10.0.28", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "7020D8E5-61DD-4DB6-82E4-EA46A96838A9", "versionEndExcluding": "11.0.28", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1A6095F-3D1E-40CB-A875-D41BF6C73EB3", "versionEndExcluding": "12.0.33", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5A32954-7B03-46B6-9956-54BE0F8477E8", "versionEndExcluding": "12.1.7", "versionStartIncluding": "12.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request."}], "id": "CVE-2026-2332", "lastModified": "2026-05-01T13:31:00.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "emo@eclipse.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-14T12:16:21.333", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"}, {"source": "emo@eclipse.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "emo@eclipse.org", "type": "Primary"}]}

{"bugzilla": {"description": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing", "id": "2458187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2026-2332", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "jenkins", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "ocp-tools-4/jenkins-rhel8", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "ocp-tools-4/jenkins-rhel9", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:camel_quarkus:3", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Apache Camel 4 for Quarkus 3"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:debezium:2", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Debezium 2"}, {"cpe": "cpe:/a:redhat:debezium:3", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat build of Debezium 3"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "jmc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat JBoss Web Server 6"}, {"cpe": "cpe:/a:redhat:offline_knowledge_portal:1", "fix_state": "Affected", "package_name": "offline-knowledge-portal/rhokp-rhel9", "product_name": "Red Hat Offline Knowledge Portal"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/openvsx-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "devspaces/pluginregistry-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "openvox-server", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "puppetserver", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-capsule:el8/puppetserver", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:2", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "streams for Apache Kafka 2"}, {"cpe": "cpe:/a:redhat:amq_streams:3", "fix_state": "Affected", "package_name": "jetty-http", "product_name": "streams for Apache Kafka 3"}], "public_date": "2026-04-14T10:59:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2332\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2332\nhttps://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf\nhttps://gitlab.eclipse.org/security/cve-assignment/-/issues/89"], "statement": "To exploit this issue, an attacker needs to send a crafted payload to a Jetty server that is behind a reverse proxy or load balancer, specifically with a chunk extension that includes an unclosed double quote before the CRLF to trick the parser. This flaw allows an attacker to bypass security controls, cause cache poisoning or gain unauthorized endpoint access. Due to these reasons, this vulnerability has been rated with an important severity.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.6]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.0.0,12.0.32]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.0.0,11.0.27]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.0.0,10.0.27]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.4.0,9.4.59]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Eclipse Jetty", "source": "cna", "vendor": "Eclipse Foundation"}, "product": "jetty", "vendor": "eclipse"}], "analysis": {"en": {"generated_at": "2026-04-14T12:50:52.553997+00:00", "value": {"mitigation_remediation": ["Update Eclipse Jetty to the latest version that contains the CVE\u20112026\u20112332 fix", "After upgrading, verify correct handling of chunked requests by running test cases similar to the described payload", "If a patch is not yet available, block or reject requests that use Transfer\u2011Encoding: chunked on the network perimeter, or enforce strict header validation", "Monitor Jetty security advisories for updates and apply subsequent patches as soon as they become available"], "summary": {"action": "Apply Patch", "impact": "HTTP Request Smuggling"}, "threat_synthesis": {"affected_systems": "Products impacted are those that include the Eclipse Jetty web server. Versions of Jetty before the published fix are potentially vulnerable. No specific version range is documented in this advisory.", "description_and_impact": "The Eclipse Jetty HTTP/1.1 parser incorrectly terminates parsing of chunk extensions when a quoted string is not closed, treating the CRLF inside the string as a boundary. This flaw enables an attacker to embed a second HTTP request within a single connection by sending a crafted chunked request. The smuggled request is processed downstream without being seen by the front\u2011end proxy, allowing the attacker to potentially bypass authentication checks or other controls.", "risk_and_exploitability": "The CVSS v3 score of 7.4 indicates high severity. EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog. The flaw can be exploited remotely by anyone with network access to the Jetty instance; no authentication or local privileges are required. An attacker can issue a single HTTP request containing a malformed chunk extension to trigger the smuggling behavior, potentially bypassing authorisation or affecting request routing."}}}}, "created": "2026-04-14T16:15:38.228520+00:00", "updated": "2026-04-14T16:30:35.210617+00:00", "vendors": ["eclipse", "eclipse$PRODUCT$jetty"]}