exploitDog

CVE-2022-2191

Published: 07 Jul 2022
Source: redhat
CVSS3: 7.5

Description

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

A flaw was found in the Jetty-server package. This flaw allows an attacker to send invalid requests, causing a denial of service in the Jetty Server.

Report

In Red Hat Satellite 6.9 we are using 9.4.x or below of jetty-server. Red Hat Satellite 6.10 is not using jetty-server anymore. This flaw only affects versions above 10.0.x or 11.0.x of jetty-server, therefore Red Hat Satellite 6.9 or 6.10 are not impacted by this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| A-MQ Clients 2 | jetty-server | Not affected | | |
| Red Hat AMQ Broker 7 | jetty-server | Not affected | | |
| Red Hat build of Apicurio Registry 2 | jetty-server | Not affected | | |
| Red Hat build of Debezium 1 | jetty-server | Not affected | | |
| Red Hat build of Quarkus | jetty-server | Not affected | | |
| Red Hat Data Grid 8 | jetty-server | Not affected | | |
| Red Hat Decision Manager 7 | jetty-server | Not affected | | |
| Red Hat Fuse 7 | jetty-server | Not affected | | |
| Red Hat Integration Camel K 1 | jetty-server | Not affected | | |
| Red Hat Integration Camel Quarkus 1 | jetty-server | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-404
https://bugzilla.redhat.com/show_bug.cgi?id=2116953 jetty-server: Improper release of ByteBuffers in SslConnections

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 3 years ago

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

CVSS3: 7.5
nvd
about 3 years ago

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

CVSS3: 7.5
debian
about 3 years ago

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...

CVSS3: 7.5
github
about 3 years ago

Jetty SslConnection does not release pooled ByteBuffers in case of errors

CVSS3: 7.5
fstec
about 3 years ago

Vulnerability in the SslConnections component of the Eclipse Jetty servlet container that allows an attacker to cause a denial of service
