In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: eclipse
Published: 2021-02-26T21:55:13
Updated: 2021-08-13T18:06:11
Reserved: 2020-10-19T00:00:00
Link: CVE-2020-27223
JSON object: View
NVD Information
Status : Modified
Published: 2021-02-26T22:15:19.317
Modified: 2023-11-07T03:20:55.320
Link: CVE-2020-27223
JSON object: View
Redhat Information
No data.