logo

Database

Improper resource allocation In org.eclipse.jetty:jetty-server

Description

Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-125452. NVD-2018-125453. OSV-2018-125454. GHSA-h2f4-v4c4-6wx45. GCVE-2018-12545

References

1. https://bugs.eclipse.org/bugs/show_bug.cgi?id=5380962. https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E3. https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E4. https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E5. https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E6. https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E7. https://lists.fedoraproject.org/archives/list/[email protected]/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG68. https://www.oracle.com/security-alerts/cpuoct2020.html9. https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.