In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2019-03-27T19:21:37

Updated: 2024-08-05T08:38:06.170Z

Reserved: 2018-06-18T00:00:00

Link: CVE-2018-12545

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-27T20:29:03.630

Modified: 2024-11-21T03:45:24.620

Link: CVE-2018-12545

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-03-20T00:00:00Z

Links: CVE-2018-12545 - Bugzilla