Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12545

Опубликовано: 20 мар. 2019
Источник: redhat
CVSS3: 3.7

Описание

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

Отчет

This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6jetty-eclipseNot affected
Red Hat Enterprise Linux 7jettyWill not fix
Red Hat Fuse 7jettyNot affected
Red Hat JBoss Fuse 6jettyOut of support scope
Red Hat Satellite 5nutchOut of support scope
Red Hat Software Collectionsrh-java-common-jettyWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1696062jetty: large settings frames causing denial of service

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12545

CVSS3: 7.5
ubuntu
почти 7 лет назад

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

nvd логотип

CVE-2018-12545

CVSS3: 7.5
nvd
почти 7 лет назад

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

debian логотип

CVE-2018-12545

CVSS3: 7.5
debian
почти 7 лет назад

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to ...

github логотип

GHSA-h2f4-v4c4-6wx4

CVSS3: 7.5
github
почти 7 лет назад

Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server

fstec логотип

BDU:2019-04256

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость HTTP-сервера Jetty, связанная с неконтролируемым расходом ресурса, позволяющая нарушителю вызвать отказ в обслуживании

3.7 Low

CVSS3