Description
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | http2-server | Not affected | | |
| Red Hat AMQ Broker 7 | http2-server | Will not fix | | |
| Red Hat build of Debezium 1 | http2-server | Not affected | | |
| Red Hat build of Quarkus | http2-server | Not affected | | |
| Red Hat Data Grid 8 | http2-server | Not affected | | |
| Red Hat Integration Camel K 1 | http2-server | Not affected | | |
| Red Hat Integration Camel Quarkus 1 | http2-server | Not affected | | |
| Red Hat JBoss Data Grid 7 | http2-server | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | http2-server | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | http2-server | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...
Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
A vulnerability in the Eclipse Jetty servlet container, related to insufficient management of system resources, that allows an attacker to cause a denial of service
7.5 High
CVSS3