{"containers": {"cna": {"affected": [{"product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "9.3.0", "versionType": "custom"}, {"lessThan": "9.4.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:14:54", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"}, {"name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"}, {"name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"}, {"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "FEDORA-2019-d9f867cb65", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12545", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Jetty", "version": {"version_data": [{"version_affected": ">=", "version_value": "9.3.0"}, {"version_affected": "<", "version_value": "9.4.12"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"}, {"name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"}, {"name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"}, {"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"}, {"name": "FEDORA-2019-d9f867cb65", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}]}}}}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2018-12545", "datePublished": "2019-03-27T19:21:37", "dateReserved": "2018-06-18T00:00:00", "dateUpdated": "2020-10-20T21:14:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*", "matchCriteriaId": "7E548698-6582-4598-A832-B64483B8D2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*", "matchCriteriaId": "14AA2E29-F543-4B80-B8DD-F76187E63A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*", "matchCriteriaId": "9B74BDCF-AF80-4679-8915-7D01E90BF4D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*", "matchCriteriaId": "580A8553-56D1-41F3-A8A9-5698D3FA7F12", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*", "matchCriteriaId": "C2784485-FE0D-454D-B4EC-9F91EE396AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*", "matchCriteriaId": "C0AD7F68-96BD-442F-BC36-091D19BC1AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "34269139-FB46-4EF8-BE3A-7B130F25B5E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "77FD0118-11CC-41AB-9B12-030B1F6F8EBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*", "matchCriteriaId": "A4D8788C-C718-479B-B441-B3C40F261CE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*", "matchCriteriaId": "EFB22D92-F41A-4C35-8FD6-1A57E9A25132", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*", "matchCriteriaId": "58368FE2-71A7-470B-A918-E5DB97EE5176", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*", "matchCriteriaId": "7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*", "matchCriteriaId": "612EB189-F829-4426-90CE-EBD75F91E652", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*", "matchCriteriaId": "51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*", "matchCriteriaId": "2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*", "matchCriteriaId": "56472E25-401A-411D-9A13-3EAB65025DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*", "matchCriteriaId": "525AC31D-F470-4E09-88D8-261FFEA88C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*", "matchCriteriaId": "A5B32089-B410-4D62-8751-8341CC696F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*", "matchCriteriaId": "327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*", "matchCriteriaId": "9781FB3C-386A-4CB8-B330-B707E8F56F55", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*", "matchCriteriaId": "880FD5EC-D796-4232-B587-A99F80FDB68E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*", "matchCriteriaId": "DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*", "matchCriteriaId": "D52DFC06-3B44-4675-B7BA-18535B1499C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "83292226-E45E-4B13-963B-36FE18815939", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1A5D6F9A-3326-4C74-932D-DDE4AD900D1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*", "matchCriteriaId": "FC9739B3-070C-4D1D-BD44-E16DC23D5F3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "E6C07F9D-27C0-4A56-97EE-D0392CFEEB96", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*", "matchCriteriaId": "0B466BB1-D312-4F4A-9A96-1F88620A970D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "A0279CFA-12F5-4D73-9136-3EC240F14107", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*", "matchCriteriaId": "47C060B9-CEED-4D24-BC47-FE1AF604A72C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*", "matchCriteriaId": "AF745A33-0FEF-47E6-B549-8349C6D63B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*", "matchCriteriaId": "363C327A-B383-4D07-9442-55254D3284E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*", "matchCriteriaId": "BDCF78F5-AC04-4F98-A57B-0C60C184589A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*", "matchCriteriaId": "B655ED4D-1A48-414B-AD5B-AC08644CE7E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*", "matchCriteriaId": "516E3314-C528-4DEF-B673-829094612C05", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*", "matchCriteriaId": "384F3A83-DDD5-4DC2-8257-F3A14BFD79E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*", "matchCriteriaId": "2688CA0E-2A36-4BAA-88CA-CA00DDA276EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*", "matchCriteriaId": "6482DF67-9178-409D-A522-68ACF3D08208", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*", "matchCriteriaId": "FEC43E92-04B8-4F90-82C8-6DD2255B2652", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*", "matchCriteriaId": "3BEF4B04-1014-400E-8EAA-EA3DFE968D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*", "matchCriteriaId": "1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "C1547494-C1A0-4755-8C0F-53F4084A1ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*", "matchCriteriaId": "0220E37B-EEBC-4641-AD1C-245DC249F51B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*", "matchCriteriaId": "CCCC8914-C758-4312-8AA2-B466D5B6C00F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*", "matchCriteriaId": "31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*", "matchCriteriaId": "E449FD93-CD5D-4896-9CE1-DB42BB83A071", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*", "matchCriteriaId": "ED6F20D8-2C63-47BD-886B-0684EEF89FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*", "matchCriteriaId": "B12BEFDE-9FB2-42E9-9638-F459FE274935", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*", "matchCriteriaId": "3B755E3B-A128-436E-8EE7-98C7F9194D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "B8029B2F-D88D-4BB3-9BD2-54EE034A0C18", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C2560BAF-E379-477A-BF68-C836543920C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8BD9164B-4AB4-450C-B3D9-1F14C15ABE67", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A59914E6-D3B8-4289-BE31-0AD2EDC81E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "430CDEEE-28CE-4712-AF95-6790775C4028", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*", "matchCriteriaId": "A748119F-A5A1-4428-9BC0-1A8BE09C975C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*", "matchCriteriaId": "0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*", "matchCriteriaId": "09CE1987-E5E5-4F54-BC6E-245F4F02EA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*", "matchCriteriaId": "E3D958FD-DD4D-4732-BE86-7E254E1AAE0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*", "matchCriteriaId": "A266E261-7C7D-4C1D-BE6D-81FC5D85886D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*", "matchCriteriaId": "35251CD8-A1E6-445C-8D5F-9ABC61D84B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*", "matchCriteriaId": "51115706-5A47-4ABF-AC19-274FFEC6C055", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*", "matchCriteriaId": "A0F44C93-7916-49FC-93C5-C215D6C279BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*", "matchCriteriaId": "E2F9C9C5-0196-4B28-BB68-344E6DBE189A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*", "matchCriteriaId": "AFCB17E7-B40B-49B9-9353-EE06FC9C08E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*", "matchCriteriaId": "9C917FAC-2489-4B2D-89A6-CF9E47B6983D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "matchCriteriaId": "16872138-6AF5-418F-998F-1220DA602AE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "matchCriteriaId": "3211336E-0EE6-4676-AEFA-A778176C0ECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*", "matchCriteriaId": "387ABF04-9630-4016-B627-E35547970637", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*", "matchCriteriaId": "8346B11B-55C9-4043-AF27-138CFCC64850", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*", "matchCriteriaId": "031909CF-1F8B-494A-9A0A-E6B88ECD9E2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*", "matchCriteriaId": "965AEAF6-AC84-4745-9707-BBB515C80FB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*", "matchCriteriaId": "502FFF92-072B-451A-ADA8-5FCA59362C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*", "matchCriteriaId": "59E72F2E-48C8-410C-BC9D-732F6E22BA27", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*", "matchCriteriaId": "0DA38E7D-AB43-4384-A78E-820B46093345", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*", "matchCriteriaId": "94C62E25-9929-46E0-8712-2D84DB9811ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*", "matchCriteriaId": "57480EC4-3D0F-4AD6-BC9C-162702C58336", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*", "matchCriteriaId": "BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "492760AF-E6C3-490B-B3E9-F354BAFA9B7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "788DD7CA-B34B-4036-86BB-80A9361BE4C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}, {"lang": "es", "value": "En Eclipse Jetty, en versiones 9.3.x y 9.4.x, el servidor es vulnerable a una denegaci\u00f3n de servicio (DoS) si un cliente remoto env\u00eda frames SETTINGs bastante largos que contienen muchas opciones, o muchos frames SETTINGs peque\u00f1os. La vulnerabilidad se debe a las asignaciones adicionales de CPU y memoria necesarias para gestionar las opciones cambiadas."}], "id": "CVE-2018-12545", "lastModified": "2023-11-07T02:52:20.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-27T20:29:03.630", "references": [{"source": "emo@eclipse.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "emo@eclipse.org", "type": "Secondary"}]}

{}