{"containers": {"cna": {"affected": [{"product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "9.3.0", "versionType": "custom"}, {"lessThan": "9.4.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:14:54", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"}, {"name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"}, {"name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"}, {"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "FEDORA-2019-d9f867cb65", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12545", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Jetty", "version": {"version_data": [{"version_affected": ">=", "version_value": "9.3.0"}, {"version_affected": "<", "version_value": "9.4.12"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"}, {"name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"}, {"name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"}, {"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"}, {"name": "FEDORA-2019-d9f867cb65", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:38:06.170Z"}, "title": "CVE Program Container", "references": [{"name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"}, {"name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"}, {"name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"}, {"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "FEDORA-2019-d9f867cb65", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2018-12545", "datePublished": "2019-03-27T19:21:37", "dateReserved": "2018-06-18T00:00:00", "dateUpdated": "2024-08-05T08:38:06.170Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*", "matchCriteriaId": "7E548698-6582-4598-A832-B64483B8D2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*", "matchCriteriaId": "14AA2E29-F543-4B80-B8DD-F76187E63A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*", "matchCriteriaId": "9B74BDCF-AF80-4679-8915-7D01E90BF4D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*", "matchCriteriaId": "580A8553-56D1-41F3-A8A9-5698D3FA7F12", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*", "matchCriteriaId": "C2784485-FE0D-454D-B4EC-9F91EE396AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*", "matchCriteriaId": "C0AD7F68-96BD-442F-BC36-091D19BC1AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "34269139-FB46-4EF8-BE3A-7B130F25B5E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "77FD0118-11CC-41AB-9B12-030B1F6F8EBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*", "matchCriteriaId": "A4D8788C-C718-479B-B441-B3C40F261CE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*", "matchCriteriaId": "EFB22D92-F41A-4C35-8FD6-1A57E9A25132", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*", "matchCriteriaId": "58368FE2-71A7-470B-A918-E5DB97EE5176", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*", "matchCriteriaId": "7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*", "matchCriteriaId": "612EB189-F829-4426-90CE-EBD75F91E652", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*", "matchCriteriaId": "51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*", "matchCriteriaId": "2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*", "matchCriteriaId": "56472E25-401A-411D-9A13-3EAB65025DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*", "matchCriteriaId": "525AC31D-F470-4E09-88D8-261FFEA88C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*", "matchCriteriaId": "A5B32089-B410-4D62-8751-8341CC696F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*", "matchCriteriaId": "327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*", "matchCriteriaId": "9781FB3C-386A-4CB8-B330-B707E8F56F55", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*", "matchCriteriaId": "880FD5EC-D796-4232-B587-A99F80FDB68E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*", "matchCriteriaId": "DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*", "matchCriteriaId": "D52DFC06-3B44-4675-B7BA-18535B1499C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "83292226-E45E-4B13-963B-36FE18815939", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1A5D6F9A-3326-4C74-932D-DDE4AD900D1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*", "matchCriteriaId": "FC9739B3-070C-4D1D-BD44-E16DC23D5F3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "E6C07F9D-27C0-4A56-97EE-D0392CFEEB96", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*", "matchCriteriaId": "0B466BB1-D312-4F4A-9A96-1F88620A970D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "A0279CFA-12F5-4D73-9136-3EC240F14107", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*", "matchCriteriaId": "47C060B9-CEED-4D24-BC47-FE1AF604A72C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*", "matchCriteriaId": "AF745A33-0FEF-47E6-B549-8349C6D63B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*", "matchCriteriaId": "363C327A-B383-4D07-9442-55254D3284E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*", "matchCriteriaId": "BDCF78F5-AC04-4F98-A57B-0C60C184589A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*", "matchCriteriaId": "B655ED4D-1A48-414B-AD5B-AC08644CE7E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*", "matchCriteriaId": "516E3314-C528-4DEF-B673-829094612C05", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*", "matchCriteriaId": "384F3A83-DDD5-4DC2-8257-F3A14BFD79E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*", "matchCriteriaId": "2688CA0E-2A36-4BAA-88CA-CA00DDA276EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*", "matchCriteriaId": "6482DF67-9178-409D-A522-68ACF3D08208", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*", "matchCriteriaId": "FEC43E92-04B8-4F90-82C8-6DD2255B2652", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*", "matchCriteriaId": "3BEF4B04-1014-400E-8EAA-EA3DFE968D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*", "matchCriteriaId": "1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "C1547494-C1A0-4755-8C0F-53F4084A1ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*", "matchCriteriaId": "0220E37B-EEBC-4641-AD1C-245DC249F51B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*", "matchCriteriaId": "CCCC8914-C758-4312-8AA2-B466D5B6C00F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*", "matchCriteriaId": "31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*", "matchCriteriaId": "E449FD93-CD5D-4896-9CE1-DB42BB83A071", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*", "matchCriteriaId": "ED6F20D8-2C63-47BD-886B-0684EEF89FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*", "matchCriteriaId": "B12BEFDE-9FB2-42E9-9638-F459FE274935", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*", "matchCriteriaId": "3B755E3B-A128-436E-8EE7-98C7F9194D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "B8029B2F-D88D-4BB3-9BD2-54EE034A0C18", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C2560BAF-E379-477A-BF68-C836543920C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8BD9164B-4AB4-450C-B3D9-1F14C15ABE67", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A59914E6-D3B8-4289-BE31-0AD2EDC81E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "430CDEEE-28CE-4712-AF95-6790775C4028", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*", "matchCriteriaId": "A748119F-A5A1-4428-9BC0-1A8BE09C975C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*", "matchCriteriaId": "0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*", "matchCriteriaId": "09CE1987-E5E5-4F54-BC6E-245F4F02EA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*", "matchCriteriaId": "E3D958FD-DD4D-4732-BE86-7E254E1AAE0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*", "matchCriteriaId": "A266E261-7C7D-4C1D-BE6D-81FC5D85886D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*", "matchCriteriaId": "35251CD8-A1E6-445C-8D5F-9ABC61D84B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*", "matchCriteriaId": "51115706-5A47-4ABF-AC19-274FFEC6C055", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*", "matchCriteriaId": "A0F44C93-7916-49FC-93C5-C215D6C279BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*", "matchCriteriaId": "E2F9C9C5-0196-4B28-BB68-344E6DBE189A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*", "matchCriteriaId": "AFCB17E7-B40B-49B9-9353-EE06FC9C08E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*", "matchCriteriaId": "9C917FAC-2489-4B2D-89A6-CF9E47B6983D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "matchCriteriaId": "16872138-6AF5-418F-998F-1220DA602AE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "matchCriteriaId": "3211336E-0EE6-4676-AEFA-A778176C0ECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*", "matchCriteriaId": "387ABF04-9630-4016-B627-E35547970637", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*", "matchCriteriaId": "8346B11B-55C9-4043-AF27-138CFCC64850", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*", "matchCriteriaId": "031909CF-1F8B-494A-9A0A-E6B88ECD9E2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*", "matchCriteriaId": "965AEAF6-AC84-4745-9707-BBB515C80FB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*", "matchCriteriaId": "502FFF92-072B-451A-ADA8-5FCA59362C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*", "matchCriteriaId": "59E72F2E-48C8-410C-BC9D-732F6E22BA27", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*", "matchCriteriaId": "0DA38E7D-AB43-4384-A78E-820B46093345", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*", "matchCriteriaId": "94C62E25-9929-46E0-8712-2D84DB9811ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*", "matchCriteriaId": "57480EC4-3D0F-4AD6-BC9C-162702C58336", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*", "matchCriteriaId": "BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "492760AF-E6C3-490B-B3E9-F354BAFA9B7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "788DD7CA-B34B-4036-86BB-80A9361BE4C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}, {"lang": "es", "value": "En Eclipse Jetty, en versiones 9.3.x y 9.4.x, el servidor es vulnerable a una denegaci\u00f3n de servicio (DoS) si un cliente remoto env\u00eda frames SETTINGs bastante largos que contienen muchas opciones, o muchos frames SETTINGs peque\u00f1os. La vulnerabilidad se debe a las asignaciones adicionales de CPU y memoria necesarias para gestionar las opciones cambiadas."}], "id": "CVE-2018-12545", "lastModified": "2024-11-21T03:45:24.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-27T20:29:03.630", "references": [{"source": "emo@eclipse.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "jetty: large settings frames causing denial of service", "id": "1696062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696062"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-400", "details": ["In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."], "name": "CVE-2018-12545", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "jetty-eclipse", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "jetty", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "jetty", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "impact": "low", "package_name": "nutch", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-java-common-jetty", "product_name": "Red Hat Software Collections"}], "public_date": "2019-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-12545\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12545"], "statement": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "jetty 9.4.12"}