Vulnerability/
CVE-2018-12545

7.5

CWE

770 400

27/3/2019

5/8/2024

CVE-2018-12545

First published: Wed Mar 27 2019(Updated: )

Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service.

Credit: emo@eclipse.org

Affected Software	Affected Version	How to fix
Eclipse Jetty	=9.3.0-20150601
Eclipse Jetty	=9.3.0-20150608
Eclipse Jetty	=9.3.0-20150612
Eclipse Jetty	=9.3.0-maintenance0
Eclipse Jetty	=9.3.0-maintenance1
Eclipse Jetty	=9.3.0-maintenance2
Eclipse Jetty	=9.3.0-rc0
Eclipse Jetty	=9.3.0-rc1
Eclipse Jetty	=9.3.1-20150714
Eclipse Jetty	=9.3.2-20150730
Eclipse Jetty	=9.3.3-20150825
Eclipse Jetty	=9.3.3-20150827
Eclipse Jetty	=9.3.4-20151005
Eclipse Jetty	=9.3.4-20151007
Eclipse Jetty	=9.3.4-rc0
Eclipse Jetty	=9.3.4-rc1
Eclipse Jetty	=9.3.5-20151012
Eclipse Jetty	=9.3.6-20151106
Eclipse Jetty	=9.3.7-20160115
Eclipse Jetty	=9.3.7-rc0
Eclipse Jetty	=9.3.7-rc1
Eclipse Jetty	=9.3.8-20160311
Eclipse Jetty	=9.3.8-20160314
Eclipse Jetty	=9.3.8-rc0
Eclipse Jetty	=9.3.9-20160517
Eclipse Jetty	=9.3.9-maintenance_0
Eclipse Jetty	=9.3.9-maintenance_1
Eclipse Jetty	=9.3.10-20160621
Eclipse Jetty	=9.3.10-maintenance_0
Eclipse Jetty	=9.3.11-20160721
Eclipse Jetty	=9.3.11-maintenance_0
Eclipse Jetty	=9.3.12-20160915
Eclipse Jetty	=9.3.13-20161014
Eclipse Jetty	=9.3.13-maintenance_0
Eclipse Jetty	=9.3.14-20161028
Eclipse Jetty	=9.3.15-20161220
Eclipse Jetty	=9.3.16-20170119
Eclipse Jetty	=9.3.16-20170120
Eclipse Jetty	=9.3.17-20170317
Eclipse Jetty	=9.3.17-rc0
Eclipse Jetty	=9.3.18-20170406
Eclipse Jetty	=9.3.19-20170502
Eclipse Jetty	=9.3.20-20170531
Eclipse Jetty	=9.3.21-20170918
Eclipse Jetty	=9.3.21-maintenance_0
Eclipse Jetty	=9.3.21-rc0
Eclipse Jetty	=9.3.22-20171030
Eclipse Jetty	=9.3.23-20180228
Eclipse Jetty	=9.3.24-20180605
Eclipse Jetty	=9.4.0-20161207
Eclipse Jetty	=9.4.0-20161208
Eclipse Jetty	=9.4.0-20180619
Eclipse Jetty	=9.4.0-maintenance_0
Eclipse Jetty	=9.4.0-maintenance_1
Eclipse Jetty	=9.4.0-rc0
Eclipse Jetty	=9.4.0-rc1
Eclipse Jetty	=9.4.0-rc2
Eclipse Jetty	=9.4.0-rc3
Eclipse Jetty	=9.4.1-20170120
Eclipse Jetty	=9.4.1-20180619
Eclipse Jetty	=9.4.2-20170220
Eclipse Jetty	=9.4.2-20180619
Eclipse Jetty	=9.4.3-20170317
Eclipse Jetty	=9.4.3-20180619
Eclipse Jetty	=9.4.4-20170410
Eclipse Jetty	=9.4.4-20170414
Eclipse Jetty	=9.4.4-20180619
Eclipse Jetty	=9.4.5-20170502
Eclipse Jetty	=9.4.5-20180619
Eclipse Jetty	=9.4.6-20170531
Eclipse Jetty	=9.4.6-20180619
Eclipse Jetty	=9.4.7-20170914
Eclipse Jetty	=9.4.7-20180619
Eclipse Jetty	=9.4.7-rc0
Eclipse Jetty	=9.4.8-20171121
Eclipse Jetty	=9.4.8-20180619
Eclipse Jetty	=9.4.9-20180320
Eclipse Jetty	=9.4.10-20180503
Eclipse Jetty	=9.4.10-rc0
Eclipse Jetty	=9.4.10-rc1
Eclipse Jetty	=9.4.11-20180605
Eclipse Jetty	=9.4.12-rc0
Eclipse Jetty	=9.4.12-rc1
Eclipse Jetty	=9.4.12-rc2
Fedoraproject Fedora	=28

Remedy

https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E

Remedy

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6466729

collector/nvd-index
agent/weakness
agent/type
agent/remedy
agent/first-publish-date
agent/author
agent/severity
agent/description
collector/ibm-support
source/IBM
agent/last-modified-date
agent/references
agent/softwarecombine
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/eclipse
canonical/eclipse jetty
version/eclipse jetty/9.3.0-20150601
version/eclipse jetty/9.3.0-20150608
version/eclipse jetty/9.3.0-20150612
version/eclipse jetty/9.3.0-maintenance0
version/eclipse jetty/9.3.0-maintenance1
version/eclipse jetty/9.3.0-maintenance2
version/eclipse jetty/9.3.0-rc0
version/eclipse jetty/9.3.0-rc1
version/eclipse jetty/9.3.1-20150714
version/eclipse jetty/9.3.2-20150730
version/eclipse jetty/9.3.3-20150825
version/eclipse jetty/9.3.3-20150827
version/eclipse jetty/9.3.4-20151005
version/eclipse jetty/9.3.4-20151007
version/eclipse jetty/9.3.4-rc0
version/eclipse jetty/9.3.4-rc1
version/eclipse jetty/9.3.5-20151012
version/eclipse jetty/9.3.6-20151106
version/eclipse jetty/9.3.7-20160115
version/eclipse jetty/9.3.7-rc0
version/eclipse jetty/9.3.7-rc1
version/eclipse jetty/9.3.8-20160311
version/eclipse jetty/9.3.8-20160314
version/eclipse jetty/9.3.8-rc0
version/eclipse jetty/9.3.9-20160517
version/eclipse jetty/9.3.9-maintenance_0
version/eclipse jetty/9.3.9-maintenance_1
version/eclipse jetty/9.3.10-20160621
version/eclipse jetty/9.3.10-maintenance_0
version/eclipse jetty/9.3.11-20160721
version/eclipse jetty/9.3.11-maintenance_0
version/eclipse jetty/9.3.12-20160915
version/eclipse jetty/9.3.13-20161014
version/eclipse jetty/9.3.13-maintenance_0
version/eclipse jetty/9.3.14-20161028
version/eclipse jetty/9.3.15-20161220
version/eclipse jetty/9.3.16-20170119
version/eclipse jetty/9.3.16-20170120
version/eclipse jetty/9.3.17-20170317
version/eclipse jetty/9.3.17-rc0
version/eclipse jetty/9.3.18-20170406
version/eclipse jetty/9.3.19-20170502
version/eclipse jetty/9.3.20-20170531
version/eclipse jetty/9.3.21-20170918
version/eclipse jetty/9.3.21-maintenance_0
version/eclipse jetty/9.3.21-rc0
version/eclipse jetty/9.3.22-20171030
version/eclipse jetty/9.3.23-20180228
version/eclipse jetty/9.3.24-20180605
version/eclipse jetty/9.4.0-20161207
version/eclipse jetty/9.4.0-20161208
version/eclipse jetty/9.4.0-20180619
version/eclipse jetty/9.4.0-maintenance_0
version/eclipse jetty/9.4.0-maintenance_1
version/eclipse jetty/9.4.0-rc0
version/eclipse jetty/9.4.0-rc1
version/eclipse jetty/9.4.0-rc2
version/eclipse jetty/9.4.0-rc3
version/eclipse jetty/9.4.1-20170120
version/eclipse jetty/9.4.1-20180619
version/eclipse jetty/9.4.2-20170220
version/eclipse jetty/9.4.2-20180619
version/eclipse jetty/9.4.3-20170317
version/eclipse jetty/9.4.3-20180619
version/eclipse jetty/9.4.4-20170410
version/eclipse jetty/9.4.4-20170414
version/eclipse jetty/9.4.4-20180619
version/eclipse jetty/9.4.5-20170502
version/eclipse jetty/9.4.5-20180619
version/eclipse jetty/9.4.6-20170531
version/eclipse jetty/9.4.6-20180619
version/eclipse jetty/9.4.7-20170914
version/eclipse jetty/9.4.7-20180619
version/eclipse jetty/9.4.7-rc0
version/eclipse jetty/9.4.8-20171121
version/eclipse jetty/9.4.8-20180619
version/eclipse jetty/9.4.9-20180320
version/eclipse jetty/9.4.10-20180503
version/eclipse jetty/9.4.10-rc0
version/eclipse jetty/9.4.10-rc1
version/eclipse jetty/9.4.11-20180605
version/eclipse jetty/9.4.12-rc0
version/eclipse jetty/9.4.12-rc1
version/eclipse jetty/9.4.12-rc2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/28

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203