QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12545

Published: Mar 27, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

Vendor	Product	Versions
The Eclipse Foundation	Eclipse Jetty	affected `9.3.0 - < unspecified` affected `unspecified - < 9.4.12`

Weaknesses (CWE)

References

[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE

mailing-list

x_refsource_MLIST

[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE

mailing-list

x_refsource_MLIST

[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)

mailing-list

x_refsource_MLIST

[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1

mailing-list

x_refsource_MLIST

FEDORA-2019-d9f867cb65

vendor-advisory

x_refsource_FEDORA

[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities

mailing-list

x_refsource_MLIST

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.