Severity: 7.5
CWE: 770, 400

CVE-2018-12545

First published: Wed Mar 27 2019

Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGS frames containing many settings, or many small SETTINGS frames, a remote attacker could exploit this vulnerability to cause a denial of service.

Credit: emo@eclipse.org

| Affected Software | Affected Version |
|---|---|
| Eclipse Jetty | =9.3.0-20150601 |
| Eclipse Jetty | =9.3.0-20150608 |
| Eclipse Jetty | =9.3.0-20150612 |
| Eclipse Jetty | =9.3.0-maintenance0 |
| Eclipse Jetty | =9.3.0-maintenance1 |
| Eclipse Jetty | =9.3.0-maintenance2 |
| Eclipse Jetty | =9.3.0-rc0 |
| Eclipse Jetty | =9.3.0-rc1 |
| Eclipse Jetty | =9.3.1-20150714 |
| Eclipse Jetty | =9.3.2-20150730 |
| Eclipse Jetty | =9.3.3-20150825 |
| Eclipse Jetty | =9.3.3-20150827 |
| Eclipse Jetty | =9.3.4-20151005 |
| Eclipse Jetty | =9.3.4-20151007 |
| Eclipse Jetty | =9.3.4-rc0 |
| Eclipse Jetty | =9.3.4-rc1 |
| Eclipse Jetty | =9.3.5-20151012 |
| Eclipse Jetty | =9.3.6-20151106 |
| Eclipse Jetty | =9.3.7-20160115 |
| Eclipse Jetty | =9.3.7-rc0 |
| Eclipse Jetty | =9.3.7-rc1 |
| Eclipse Jetty | =9.3.8-20160311 |
| Eclipse Jetty | =9.3.8-20160314 |
| Eclipse Jetty | =9.3.8-rc0 |
| Eclipse Jetty | =9.3.9-20160517 |
| Eclipse Jetty | =9.3.9-maintenance_0 |
| Eclipse Jetty | =9.3.9-maintenance_1 |
| Eclipse Jetty | =9.3.10-20160621 |
| Eclipse Jetty | =9.3.10-maintenance_0 |
| Eclipse Jetty | =9.3.11-20160721 |
| Eclipse Jetty | =9.3.11-maintenance_0 |
| Eclipse Jetty | =9.3.12-20160915 |
| Eclipse Jetty | =9.3.13-20161014 |
| Eclipse Jetty | =9.3.13-maintenance_0 |
| Eclipse Jetty | =9.3.14-20161028 |
| Eclipse Jetty | =9.3.15-20161220 |
| Eclipse Jetty | =9.3.16-20170119 |
| Eclipse Jetty | =9.3.16-20170120 |
| Eclipse Jetty | =9.3.17-20170317 |
| Eclipse Jetty | =9.3.17-rc0 |
| Eclipse Jetty | =9.3.18-20170406 |
| Eclipse Jetty | =9.3.19-20170502 |
| Eclipse Jetty | =9.3.20-20170531 |
| Eclipse Jetty | =9.3.21-20170918 |
| Eclipse Jetty | =9.3.21-maintenance_0 |
| Eclipse Jetty | =9.3.21-rc0 |
| Eclipse Jetty | =9.3.22-20171030 |
| Eclipse Jetty | =9.3.23-20180228 |
| Eclipse Jetty | =9.3.24-20180605 |
| Eclipse Jetty | =9.4.0-20161207 |
| Eclipse Jetty | =9.4.0-20161208 |
| Eclipse Jetty | =9.4.0-20180619 |
| Eclipse Jetty | =9.4.0-maintenance_0 |
| Eclipse Jetty | =9.4.0-maintenance_1 |
| Eclipse Jetty | =9.4.0-rc0 |
| Eclipse Jetty | =9.4.0-rc1 |
| Eclipse Jetty | =9.4.0-rc2 |
| Eclipse Jetty | =9.4.0-rc3 |
| Eclipse Jetty | =9.4.1-20170120 |
| Eclipse Jetty | =9.4.1-20180619 |
| Eclipse Jetty | =9.4.2-20170220 |
| Eclipse Jetty | =9.4.2-20180619 |
| Eclipse Jetty | =9.4.3-20170317 |
| Eclipse Jetty | =9.4.3-20180619 |
| Eclipse Jetty | =9.4.4-20170410 |
| Eclipse Jetty | =9.4.4-20170414 |
| Eclipse Jetty | =9.4.4-20180619 |
| Eclipse Jetty | =9.4.5-20170502 |
| Eclipse Jetty | =9.4.5-20180619 |
| Eclipse Jetty | =9.4.6-20170531 |
| Eclipse Jetty | =9.4.6-20180619 |
| Eclipse Jetty | =9.4.7-20170914 |
| Eclipse Jetty | =9.4.7-20180619 |
| Eclipse Jetty | =9.4.7-rc0 |
| Eclipse Jetty | =9.4.8-20171121 |
| Eclipse Jetty | =9.4.8-20180619 |
| Eclipse Jetty | =9.4.9-20180320 |
| Eclipse Jetty | =9.4.10-20180503 |
| Eclipse Jetty | =9.4.10-rc0 |
| Eclipse Jetty | =9.4.10-rc1 |
| Eclipse Jetty | =9.4.11-20180605 |
| Eclipse Jetty | =9.4.12-rc0 |
| Eclipse Jetty | =9.4.12-rc1 |
| Eclipse Jetty | =9.4.12-rc2 |
| Fedoraproject Fedora | =28 |
| IBM Cognos Analytics | <=12.0.0-12.0.3 |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP3 |
