Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-27218

Опубликовано: 28 нояб. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.8
CVSS3: 4.8

Описание

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 69%
0.00599
Низкий

5.8 Medium

CVSS2

4.8 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-27218

CVSS3: 4.8
redhat
около 5 лет назад

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

nvd логотип

CVE-2020-27218

CVSS3: 4.8
nvd
около 5 лет назад

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

debian логотип

CVE-2020-27218

CVSS3: 4.8
debian
около 5 лет назад

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...

suse-cvrf логотип

openSUSE-SU-2021:0012-1

suse-cvrf
около 5 лет назад

Security update for jetty-minimal

suse-cvrf логотип

SUSE-SU-2020:3922-1

suse-cvrf
около 5 лет назад

Security update for jetty-minimal

EPSS

Процентиль: 69%
0.00599
Низкий

5.8 Medium

CVSS2

4.8 Medium

CVSS3