medium
5.8
CWE
226
Advisory Published
CVE Published
Advisory Published
Updated

CVE-2020-27218

First published: Fri Nov 27 2020(Updated: )

### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.

Credit: emo@eclipse.org emo@eclipse.org emo@eclipse.org

Affected SoftwareAffected VersionHow to fix
redhat/jenkins<0:2.289.1.1624365627-1.el7
0:2.289.1.1624365627-1.el7
redhat/jenkins<0:2.277.3.1623846768-1.el7
0:2.277.3.1623846768-1.el7
redhat/jenkins<0:2.277.3.1623853726-1.el8
0:2.277.3.1623853726-1.el8
redhat/jetty<9.4.35.
9.4.35.
redhat/jetty<10.0.0.
10.0.0.
redhat/jetty<11.0.0.
11.0.0.
maven/org.eclipse.jetty:jetty-server>=9.4.0<=9.4.34
9.4.35.v20201120
Eclipse Jetty>=9.4.0<9.4.35
Eclipse Jetty=10.0.0-alpha0
Eclipse Jetty=10.0.0-alpha1
Eclipse Jetty=10.0.0-beta0
Eclipse Jetty=10.0.0-beta1
Eclipse Jetty=10.0.0-beta2
Eclipse Jetty=11.0.0-alpha0
Eclipse Jetty=11.0.0-beta1
Eclipse Jetty=11.0.0-beta2
NetApp OnCommand System Manager>=3.0<=3.1.3
NetApp Snap Creator Framework
Oracle Blockchain Platform<21.1.2
Oracle Communications Converged Application Server - Service Controller=6.2
Oracle Communications Offline Mediation Controller=12.0.0.3.0
Oracle Communications Pricing Design Center=12.0.0.3.0
Oracle Communications Services Gatekeeper=7.0
Oracle Communications Session Route Manager>=8.0.0<=8.2.4
Oracle FLEXCUBE Private Banking=12.0.0
Oracle FLEXCUBE Private Banking=12.1.0
Oracle Hyperion Infrastructure Technology=11.1.2.6.0
Oracle REST Data Services<20.4.3.050.1904
Oracle Retail Eftlink=20.0.0
Oracle Siebel Core - Automation<=21.5
Apache Kafka=2.7.0
Apache Spark=2.4.8
Apache Spark=3.0.3
Debian Debian Linux=10.0

Remedy

https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17@%3Ccommits.zookeeper.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab@%3Ccommits.spark.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e@%3Ccommits.spark.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25@%3Ccommits.kafka.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29@%3Ccommits.spark.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8@%3Ccommits.zookeeper.apache.org%3E

Remedy

https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944@%3Ccommits.kafka.apache.org%3E

Remedy

https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388@%3Cjira.kafka.apache.org%3E

Remedy

https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb@%3Ccommits.kafka.apache.org%3E

Remedy

https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88@%3Cdev.hbase.apache.org%3E

Remedy

https://www.oracle.com//security-alerts/cpujul2021.html

Remedy

https://www.oracle.com/security-alerts/cpuApr2021.html

Remedy

https://www.oracle.com/security-alerts/cpuapr2022.html

Remedy

https://www.oracle.com/security-alerts/cpuoct2021.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID for this Eclipse Jetty vulnerability?

    The vulnerability ID for this Eclipse Jetty vulnerability is CVE-2020-27218.

  • What is the severity level of CVE-2020-27218?

    CVE-2020-27218 has a severity level of medium (4.8).

  • Which versions of Eclipse Jetty are affected by this vulnerability?

    Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2 are affected by this vulnerability.

  • How can an attacker exploit CVE-2020-27218?

    An attacker can exploit CVE-2020-27218 by sending a request with a body that is larger than the content length.

  • Are there any known remediation steps for this vulnerability?

    Yes, upgrading to Eclipse Jetty version 9.4.35, 10.0.0 or 11.0.0 is recommended to remediate this vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203