CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.
Configurations

Configuration 1

cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

Information

Published : 2019-03-27 08:29

Updated : 2020-10-23 06:18


NVD link : CVE-2018-12545

Mitre link : CVE-2018-12545

Products Affected
CWE