Vulnerability-Lookup

CVE-2018-12545 (GCVE-0-2018-12545)

Vulnerability from cvelistv5 – Published: 2019-03-27 19:21 – Updated: 2024-08-05 08:38

Summary

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

Severity ?

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

eclipse

References

URL

Tags

	https://lists.apache.org/thread.html/70744fe4faba…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/febc94ffec92…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/13f5241048ec…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ff8dcfe29377…	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.apache.org/thread.html/9317fd092b25…	mailing-listx_refsource_MLIST
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	The Eclipse Foundation	Eclipse Jetty	Affected: 9.3.0 , < unspecified (custom) Affected: unspecified , < 9.4.12 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:38:06.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"
          },
          {
            "name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-d9f867cb65",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:54",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"
        },
        {
          "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"
        },
        {
          "name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-d9f867cb65",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
        },
        {
          "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2018-12545",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.4.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"
            },
            {
              "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"
            },
            {
              "name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-d9f867cb65",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2018-12545",
    "datePublished": "2019-03-27T19:21:37",
    "dateReserved": "2018-06-18T00:00:00",
    "dateUpdated": "2024-08-05T08:38:06.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12545\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2019-03-27T20:29:03.630\",\"lastModified\":\"2024-11-21T03:45:24.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.\"},{\"lang\":\"es\",\"value\":\"En Eclipse Jetty, en versiones 9.3.x y 9.4.x, el servidor es vulnerable a una denegaci\u00f3n de servicio (DoS) si un cliente remoto env\u00eda frames SETTINGs bastante largos que contienen muchas opciones, o muchos frames SETTINGs peque\u00f1os. La vulnerabilidad se debe a las asignaciones adicionales de CPU y memoria necesarias para gestionar las opciones cambiadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E548698-6582-4598-A832-B64483B8D2D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AA2E29-F543-4B80-B8DD-F76187E63A3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B74BDCF-AF80-4679-8915-7D01E90BF4D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*\",\"matchCriteriaId\":\"580A8553-56D1-41F3-A8A9-5698D3FA7F12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2784485-FE0D-454D-B4EC-9F91EE396AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AD7F68-96BD-442F-BC36-091D19BC1AC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"34269139-FB46-4EF8-BE3A-7B130F25B5E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"77FD0118-11CC-41AB-9B12-030B1F6F8EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4D8788C-C718-479B-B441-B3C40F261CE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB22D92-F41A-4C35-8FD6-1A57E9A25132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*\",\"matchCriteriaId\":\"58368FE2-71A7-470B-A918-E5DB97EE5176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*\",\"matchCriteriaId\":\"612EB189-F829-4426-90CE-EBD75F91E652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*\",\"matchCriteriaId\":\"56472E25-401A-411D-9A13-3EAB65025DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*\",\"matchCriteriaId\":\"525AC31D-F470-4E09-88D8-261FFEA88C50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B32089-B410-4D62-8751-8341CC696F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*\",\"matchCriteriaId\":\"9781FB3C-386A-4CB8-B330-B707E8F56F55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*\",\"matchCriteriaId\":\"880FD5EC-D796-4232-B587-A99F80FDB68E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52DFC06-3B44-4675-B7BA-18535B1499C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"83292226-E45E-4B13-963B-36FE18815939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A5D6F9A-3326-4C74-932D-DDE4AD900D1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC9739B3-070C-4D1D-BD44-E16DC23D5F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C07F9D-27C0-4A56-97EE-D0392CFEEB96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B466BB1-D312-4F4A-9A96-1F88620A970D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0279CFA-12F5-4D73-9136-3EC240F14107\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C060B9-CEED-4D24-BC47-FE1AF604A72C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF745A33-0FEF-47E6-B549-8349C6D63B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*\",\"matchCriteriaId\":\"363C327A-B383-4D07-9442-55254D3284E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDCF78F5-AC04-4F98-A57B-0C60C184589A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*\",\"matchCriteriaId\":\"B655ED4D-1A48-414B-AD5B-AC08644CE7E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*\",\"matchCriteriaId\":\"516E3314-C528-4DEF-B673-829094612C05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*\",\"matchCriteriaId\":\"384F3A83-DDD5-4DC2-8257-F3A14BFD79E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"2688CA0E-2A36-4BAA-88CA-CA00DDA276EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*\",\"matchCriteriaId\":\"6482DF67-9178-409D-A522-68ACF3D08208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC43E92-04B8-4F90-82C8-6DD2255B2652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BEF4B04-1014-400E-8EAA-EA3DFE968D41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1547494-C1A0-4755-8C0F-53F4084A1ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"0220E37B-EEBC-4641-AD1C-245DC249F51B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCC8914-C758-4312-8AA2-B466D5B6C00F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*\",\"matchCriteriaId\":\"E449FD93-CD5D-4896-9CE1-DB42BB83A071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6F20D8-2C63-47BD-886B-0684EEF89FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*\",\"matchCriteriaId\":\"B12BEFDE-9FB2-42E9-9638-F459FE274935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B755E3B-A128-436E-8EE7-98C7F9194D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8029B2F-D88D-4BB3-9BD2-54EE034A0C18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2560BAF-E379-477A-BF68-C836543920C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD9164B-4AB4-450C-B3D9-1F14C15ABE67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A59914E6-D3B8-4289-BE31-0AD2EDC81E85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"430CDEEE-28CE-4712-AF95-6790775C4028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*\",\"matchCriteriaId\":\"A748119F-A5A1-4428-9BC0-1A8BE09C975C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*\",\"matchCriteriaId\":\"09CE1987-E5E5-4F54-BC6E-245F4F02EA60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D958FD-DD4D-4732-BE86-7E254E1AAE0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*\",\"matchCriteriaId\":\"A266E261-7C7D-4C1D-BE6D-81FC5D85886D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"35251CD8-A1E6-445C-8D5F-9ABC61D84B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*\",\"matchCriteriaId\":\"51115706-5A47-4ABF-AC19-274FFEC6C055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F44C93-7916-49FC-93C5-C215D6C279BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F9C9C5-0196-4B28-BB68-344E6DBE189A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFCB17E7-B40B-49B9-9353-EE06FC9C08E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C917FAC-2489-4B2D-89A6-CF9E47B6983D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*\",\"matchCriteriaId\":\"16872138-6AF5-418F-998F-1220DA602AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"3211336E-0EE6-4676-AEFA-A778176C0ECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*\",\"matchCriteriaId\":\"387ABF04-9630-4016-B627-E35547970637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"8346B11B-55C9-4043-AF27-138CFCC64850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"031909CF-1F8B-494A-9A0A-E6B88ECD9E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*\",\"matchCriteriaId\":\"965AEAF6-AC84-4745-9707-BBB515C80FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"502FFF92-072B-451A-ADA8-5FCA59362C47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*\",\"matchCriteriaId\":\"59E72F2E-48C8-410C-BC9D-732F6E22BA27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DA38E7D-AB43-4384-A78E-820B46093345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"94C62E25-9929-46E0-8712-2D84DB9811ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*\",\"matchCriteriaId\":\"57480EC4-3D0F-4AD6-BC9C-162702C58336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"492760AF-E6C3-490B-B3E9-F354BAFA9B7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"788DD7CA-B34B-4036-86BB-80A9361BE4C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"}]}]}],\"references\":[{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

GSD-2018-12545

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-12545

Aliases

CVE-2018-12545

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12545",
    "description": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.",
    "id": "GSD-2018-12545"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12545"
      ],
      "details": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.",
      "id": "GSD-2018-12545",
      "modified": "2023-12-13T01:22:29.824063Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eclipse.org",
        "ID": "CVE-2018-12545",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Eclipse Jetty",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "9.3.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "9.4.12"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Eclipse Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400: Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"
          },
          {
            "name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-d9f867cb65",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096",
            "refsource": "CONFIRM",
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[9.3.0,9.3.24.v20180605],[9.4.0,9.4.12.v20180830]",
          "affected_versions": "All versions starting from 9.3.0 up to 9.3.24.v20180605, all versions starting from 9.4.0 up to 9.4.12.v20180830",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-770",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "In Eclipse Jetty, the server is vulnerable to Denial of Service conditions if a remote client sends either large `SETTINGs` frames container containing many settings, or many small `SETTINGs` frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.",
          "fixed_versions": [
            "9.4.13.v20181111"
          ],
          "identifier": "CVE-2018-12545",
          "identifiers": [
            "CVE-2018-12545"
          ],
          "not_impacted": "All versions before 9.3.0, all versions after 9.3.24.v20180605 before 9.4.0, all versions after 9.4.12.v20180830",
          "package_slug": "maven/org.eclipse.jetty/jetty-server",
          "pubdate": "2019-03-27",
          "solution": "Upgrade to version 9.4.13.v20181111 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-12545",
            "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
          ],
          "uuid": "21a1e495-a519-404b-9dfc-050454b053f3"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2018-12545"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
            },
            {
              "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"
            },
            {
              "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"
            },
            {
              "name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-d9f867cb65",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-10-23T18:18Z",
      "publishedDate": "2019-03-27T20:29Z"
    }
  }
}

CNVD-2019-08727

Vulnerability from cnvd - Published: 2019-03-29

Title

Eclipse Jetty拒绝服务漏洞

Description

Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.3.x版本和9.4.x版本中存在拒绝服务漏洞，攻击者可利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Eclipse Jetty拒绝服务漏洞的补丁

Patch Description

Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.3.x版本和9.4.x版本中存在拒绝服务漏洞，攻击者可利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096

Reference

https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096

Impacted products

Name
['Eclipse Jetty 9.3.', 'Eclipse Jetty 9.4.']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12545"
    }
  },
  "description": "Eclipse Jetty\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u57fa\u4e8eJava\u7684Web\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\n\nEclipse Jetty 9.3.x\u7248\u672c\u548c9.4.x\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "esse McConnell",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugs.eclipse.org/bugs/show_bug.cgi?id=538096",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-08727",
  "openTime": "2019-03-29",
  "patchDescription": "Eclipse Jetty\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u57fa\u4e8eJava\u7684Web\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\r\n\r\nEclipse Jetty 9.3.x\u7248\u672c\u548c9.4.x\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Eclipse Jetty\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Eclipse Jetty 9.3.*",
      "Eclipse Jetty 9.4.*"
    ]
  },
  "referenceLink": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-28",
  "title": "Eclipse Jetty\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CERTFR-2023-AVI-0357

Vulnerability from certfr_avis - Published: 2023-05-05 - Updated: 2023-05-05

De multiples vulnérabilités ont été découvertes dans IBM Cognos. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Cognos Command Center version 10.2.4.1 sans le correctif de sécurité IF17

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6988263 du 04 mai 2023	None	vendor-advisory
Bulletin de sécurité IBM 6983274 du 04 mai 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cognos Command Center version 10.2.4.1 sans le correctif de s\u00e9curit\u00e9 IF17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
    },
    {
      "name": "CVE-2020-27218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-420004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-420004"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2022-2048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2017-7658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
    },
    {
      "name": "CVE-2022-2047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2018-12545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
    },
    {
      "name": "CVE-2022-21449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2017-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
    },
    {
      "name": "CVE-2018-12536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12536"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-2191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2191"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2022-38707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38707"
    },
    {
      "name": "CVE-2019-10241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
    },
    {
      "name": "CVE-2019-10247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10247"
    },
    {
      "name": "CVE-2017-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-21443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
    },
    {
      "name": "CVE-2015-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "initial_release_date": "2023-05-05T00:00:00",
  "last_revision_date": "2023-05-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0357",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Cognos.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Cognos",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6988263 du 04 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6988263"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6983274 du 04 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6983274"
    }
  ]
}

CERTFR-2024-AVI-0923

Vulnerability from certfr_avis - Published: 2024-10-25 - Updated: 2024-10-25

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling	Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010
IBM	QRadar	QRadar Assistant versions antérieures à 3.8.1
IBM	Cognos Analytics	Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20
IBM	Sterling	Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA
IBM	QRadar	SOAR QRadar Plugin App versions antérieures à 5.5.0
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA
IBM	Cognos Analytics	Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7173631	2024-10-21	vendor-advisory
Bulletin de sécurité IBM 7174016	2024-10-24	vendor-advisory
Bulletin de sécurité IBM 7174015	2024-10-24	vendor-advisory
Bulletin de sécurité IBM 7173632	2024-10-21	vendor-advisory
Bulletin de sécurité IBM 7172691	2024-10-21	vendor-advisory
Bulletin de sécurité IBM 7172692	2024-10-21	vendor-advisory
Bulletin de sécurité IBM 7173592	2024-10-21	vendor-advisory
Bulletin de sécurité IBM 7173866	2024-10-23	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
    },
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2023-25166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2023-28856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2018-12538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
    },
    {
      "name": "CVE-2024-35176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
    },
    {
      "name": "CVE-2024-21890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
    },
    {
      "name": "CVE-2024-21896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
    },
    {
      "name": "CVE-2023-50312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
    },
    {
      "name": "CVE-2024-3933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2023-38737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
    },
    {
      "name": "CVE-2024-29415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
    },
    {
      "name": "CVE-2022-36943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
    },
    {
      "name": "CVE-2024-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-38009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
    },
    {
      "name": "CVE-2023-45133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2023-46809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
    },
    {
      "name": "CVE-2020-27216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
    },
    {
      "name": "CVE-2019-13224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
    },
    {
      "name": "CVE-2022-29622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
    },
    {
      "name": "CVE-2021-40690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2023-45145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
    },
    {
      "name": "CVE-2024-22019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
    },
    {
      "name": "CVE-2023-0842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
    },
    {
      "name": "CVE-2023-22467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-22329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-21892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2022-43383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
    },
    {
      "name": "CVE-2019-16163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
    },
    {
      "name": "CVE-2024-39908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2023-51775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
    },
    {
      "name": "CVE-2018-12545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2024-41784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
    },
    {
      "name": "CVE-2021-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
    },
    {
      "name": "CVE-2023-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
    },
    {
      "name": "CVE-2023-41900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2022-24834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
    },
    {
      "name": "CVE-2023-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2023-44483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
    },
    {
      "name": "CVE-2024-27270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2024-21891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2024-22017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
    },
    {
      "name": "CVE-2022-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
    },
    {
      "name": "CVE-2019-10241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
    },
    {
      "name": "CVE-2022-24736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
    },
    {
      "name": "CVE-2024-25042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2020-15168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
    },
    {
      "name": "CVE-2023-29262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
    },
    {
      "name": "CVE-2023-26048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2022-24735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2019-19012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
    },
    {
      "name": "CVE-2024-27267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
    },
    {
      "name": "CVE-2012-2677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    }
  ],
  "initial_release_date": "2024-10-25T00:00:00",
  "last_revision_date": "2024-10-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0923",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
      "url": "https://www.ibm.com/support/pages/node/7173631"
    },
    {
      "published_at": "2024-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
      "url": "https://www.ibm.com/support/pages/node/7174016"
    },
    {
      "published_at": "2024-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
      "url": "https://www.ibm.com/support/pages/node/7174015"
    },
    {
      "published_at": "2024-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
      "url": "https://www.ibm.com/support/pages/node/7173632"
    },
    {
      "published_at": "2024-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
      "url": "https://www.ibm.com/support/pages/node/7172691"
    },
    {
      "published_at": "2024-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
      "url": "https://www.ibm.com/support/pages/node/7172692"
    },
    {
      "published_at": "2024-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
      "url": "https://www.ibm.com/support/pages/node/7173592"
    },
    {
      "published_at": "2024-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
      "url": "https://www.ibm.com/support/pages/node/7173866"
    }
  ]
}

GHSA-H2F4-V4C4-6WX4

Vulnerability from github – Published: 2019-03-28 18:33 – Updated: 2022-09-17 00:33

Summary

Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.4.12.RC2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4.0"
            },
            {
              "fixed": "9.4.12.v20180830"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.3.24.v20180605"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.3.0"
            },
            {
              "fixed": "9.3.25.v20180904"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-12545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:38:26Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.",
  "id": "GHSA-h2f4-v4c4-6wx4",
  "modified": "2022-09-17T00:33:03Z",
  "published": "2019-03-28T18:33:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12545"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-h2f4-v4c4-6wx4"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server"
}

FKIE_CVE-2018-12545

Vulnerability from fkie_nvd - Published: 2019-03-27 20:29 - Updated: 2024-11-21 03:45

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
emo@eclipse.org	https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096	Issue Tracking, Vendor Advisory
emo@eclipse.org	https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/
emo@eclipse.org	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
emo@eclipse.org	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0
eclipse	jetty	9.3.1
eclipse	jetty	9.3.2
eclipse	jetty	9.3.3
eclipse	jetty	9.3.3
eclipse	jetty	9.3.4
eclipse	jetty	9.3.4
eclipse	jetty	9.3.4
eclipse	jetty	9.3.4
eclipse	jetty	9.3.5
eclipse	jetty	9.3.6
eclipse	jetty	9.3.7
eclipse	jetty	9.3.7
eclipse	jetty	9.3.7
eclipse	jetty	9.3.8
eclipse	jetty	9.3.8
eclipse	jetty	9.3.8
eclipse	jetty	9.3.9
eclipse	jetty	9.3.9
eclipse	jetty	9.3.9
eclipse	jetty	9.3.10
eclipse	jetty	9.3.10
eclipse	jetty	9.3.11
eclipse	jetty	9.3.11
eclipse	jetty	9.3.12
eclipse	jetty	9.3.13
eclipse	jetty	9.3.13
eclipse	jetty	9.3.14
eclipse	jetty	9.3.15
eclipse	jetty	9.3.16
eclipse	jetty	9.3.16
eclipse	jetty	9.3.17
eclipse	jetty	9.3.17
eclipse	jetty	9.3.18
eclipse	jetty	9.3.19
eclipse	jetty	9.3.20
eclipse	jetty	9.3.21
eclipse	jetty	9.3.21
eclipse	jetty	9.3.21
eclipse	jetty	9.3.22
eclipse	jetty	9.3.23
eclipse	jetty	9.3.24
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.0
eclipse	jetty	9.4.1
eclipse	jetty	9.4.1
eclipse	jetty	9.4.2
eclipse	jetty	9.4.2
eclipse	jetty	9.4.3
eclipse	jetty	9.4.3
eclipse	jetty	9.4.4
eclipse	jetty	9.4.4
eclipse	jetty	9.4.4
eclipse	jetty	9.4.5
eclipse	jetty	9.4.5
eclipse	jetty	9.4.6
eclipse	jetty	9.4.6
eclipse	jetty	9.4.7
eclipse	jetty	9.4.7
eclipse	jetty	9.4.7
eclipse	jetty	9.4.8
eclipse	jetty	9.4.8
eclipse	jetty	9.4.9
eclipse	jetty	9.4.10
eclipse	jetty	9.4.10
eclipse	jetty	9.4.10
eclipse	jetty	9.4.11
eclipse	jetty	9.4.12
eclipse	jetty	9.4.12
eclipse	jetty	9.4.12
fedoraproject	fedora	28

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*",
              "matchCriteriaId": "7E548698-6582-4598-A832-B64483B8D2D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*",
              "matchCriteriaId": "14AA2E29-F543-4B80-B8DD-F76187E63A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*",
              "matchCriteriaId": "9B74BDCF-AF80-4679-8915-7D01E90BF4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*",
              "matchCriteriaId": "580A8553-56D1-41F3-A8A9-5698D3FA7F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*",
              "matchCriteriaId": "C2784485-FE0D-454D-B4EC-9F91EE396AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*",
              "matchCriteriaId": "C0AD7F68-96BD-442F-BC36-091D19BC1AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "34269139-FB46-4EF8-BE3A-7B130F25B5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "77FD0118-11CC-41AB-9B12-030B1F6F8EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*",
              "matchCriteriaId": "A4D8788C-C718-479B-B441-B3C40F261CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*",
              "matchCriteriaId": "EFB22D92-F41A-4C35-8FD6-1A57E9A25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*",
              "matchCriteriaId": "58368FE2-71A7-470B-A918-E5DB97EE5176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*",
              "matchCriteriaId": "7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*",
              "matchCriteriaId": "612EB189-F829-4426-90CE-EBD75F91E652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*",
              "matchCriteriaId": "51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*",
              "matchCriteriaId": "56472E25-401A-411D-9A13-3EAB65025DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*",
              "matchCriteriaId": "525AC31D-F470-4E09-88D8-261FFEA88C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*",
              "matchCriteriaId": "A5B32089-B410-4D62-8751-8341CC696F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*",
              "matchCriteriaId": "9781FB3C-386A-4CB8-B330-B707E8F56F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*",
              "matchCriteriaId": "880FD5EC-D796-4232-B587-A99F80FDB68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*",
              "matchCriteriaId": "D52DFC06-3B44-4675-B7BA-18535B1499C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*",
              "matchCriteriaId": "83292226-E45E-4B13-963B-36FE18815939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*",
              "matchCriteriaId": "1A5D6F9A-3326-4C74-932D-DDE4AD900D1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*",
              "matchCriteriaId": "FC9739B3-070C-4D1D-BD44-E16DC23D5F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*",
              "matchCriteriaId": "E6C07F9D-27C0-4A56-97EE-D0392CFEEB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*",
              "matchCriteriaId": "0B466BB1-D312-4F4A-9A96-1F88620A970D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*",
              "matchCriteriaId": "A0279CFA-12F5-4D73-9136-3EC240F14107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*",
              "matchCriteriaId": "47C060B9-CEED-4D24-BC47-FE1AF604A72C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*",
              "matchCriteriaId": "AF745A33-0FEF-47E6-B549-8349C6D63B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*",
              "matchCriteriaId": "39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*",
              "matchCriteriaId": "363C327A-B383-4D07-9442-55254D3284E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*",
              "matchCriteriaId": "BDCF78F5-AC04-4F98-A57B-0C60C184589A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*",
              "matchCriteriaId": "B655ED4D-1A48-414B-AD5B-AC08644CE7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*",
              "matchCriteriaId": "516E3314-C528-4DEF-B673-829094612C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*",
              "matchCriteriaId": "384F3A83-DDD5-4DC2-8257-F3A14BFD79E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "2688CA0E-2A36-4BAA-88CA-CA00DDA276EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*",
              "matchCriteriaId": "6482DF67-9178-409D-A522-68ACF3D08208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*",
              "matchCriteriaId": "FEC43E92-04B8-4F90-82C8-6DD2255B2652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*",
              "matchCriteriaId": "3BEF4B04-1014-400E-8EAA-EA3DFE968D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*",
              "matchCriteriaId": "1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*",
              "matchCriteriaId": "C1547494-C1A0-4755-8C0F-53F4084A1ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "0220E37B-EEBC-4641-AD1C-245DC249F51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*",
              "matchCriteriaId": "CCCC8914-C758-4312-8AA2-B466D5B6C00F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*",
              "matchCriteriaId": "31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*",
              "matchCriteriaId": "E449FD93-CD5D-4896-9CE1-DB42BB83A071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*",
              "matchCriteriaId": "ED6F20D8-2C63-47BD-886B-0684EEF89FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*",
              "matchCriteriaId": "B12BEFDE-9FB2-42E9-9638-F459FE274935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "3B755E3B-A128-436E-8EE7-98C7F9194D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*",
              "matchCriteriaId": "B8029B2F-D88D-4BB3-9BD2-54EE034A0C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*",
              "matchCriteriaId": "9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "C2560BAF-E379-477A-BF68-C836543920C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8BD9164B-4AB4-450C-B3D9-1F14C15ABE67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A59914E6-D3B8-4289-BE31-0AD2EDC81E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "430CDEEE-28CE-4712-AF95-6790775C4028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*",
              "matchCriteriaId": "A748119F-A5A1-4428-9BC0-1A8BE09C975C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*",
              "matchCriteriaId": "09CE1987-E5E5-4F54-BC6E-245F4F02EA60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "E3D958FD-DD4D-4732-BE86-7E254E1AAE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*",
              "matchCriteriaId": "A266E261-7C7D-4C1D-BE6D-81FC5D85886D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "35251CD8-A1E6-445C-8D5F-9ABC61D84B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*",
              "matchCriteriaId": "51115706-5A47-4ABF-AC19-274FFEC6C055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*",
              "matchCriteriaId": "A0F44C93-7916-49FC-93C5-C215D6C279BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "E2F9C9C5-0196-4B28-BB68-344E6DBE189A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*",
              "matchCriteriaId": "AFCB17E7-B40B-49B9-9353-EE06FC9C08E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "9C917FAC-2489-4B2D-89A6-CF9E47B6983D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*",
              "matchCriteriaId": "16872138-6AF5-418F-998F-1220DA602AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "3211336E-0EE6-4676-AEFA-A778176C0ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*",
              "matchCriteriaId": "387ABF04-9630-4016-B627-E35547970637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "8346B11B-55C9-4043-AF27-138CFCC64850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "031909CF-1F8B-494A-9A0A-E6B88ECD9E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*",
              "matchCriteriaId": "965AEAF6-AC84-4745-9707-BBB515C80FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*",
              "matchCriteriaId": "502FFF92-072B-451A-ADA8-5FCA59362C47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*",
              "matchCriteriaId": "59E72F2E-48C8-410C-BC9D-732F6E22BA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*",
              "matchCriteriaId": "0DA38E7D-AB43-4384-A78E-820B46093345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "94C62E25-9929-46E0-8712-2D84DB9811ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*",
              "matchCriteriaId": "57480EC4-3D0F-4AD6-BC9C-162702C58336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "492760AF-E6C3-490B-B3E9-F354BAFA9B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "788DD7CA-B34B-4036-86BB-80A9361BE4C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."
    },
    {
      "lang": "es",
      "value": "En Eclipse Jetty, en versiones 9.3.x y 9.4.x, el servidor es vulnerable a una denegaci\u00f3n de servicio (DoS) si un cliente remoto env\u00eda frames SETTINGs bastante largos que contienen muchas opciones, o muchos frames SETTINGs peque\u00f1os. La vulnerabilidad se debe a las asignaciones adicionales de CPU y memoria necesarias para gestionar las opciones cambiadas."
    }
  ],
  "id": "CVE-2018-12545",
  "lastModified": "2024-11-21T03:45:24.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-27T20:29:03.630",
  "references": [
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2%40%3Ccommits.accumulo.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606%40%3Cdevnull.infra.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "emo@eclipse.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "emo@eclipse.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12545 (GCVE-0-2018-12545)

GSD-2018-12545

CNVD-2019-08727

CERTFR-2023-AVI-0357

Solution

CERTFR-2024-AVI-0923

Solutions

GHSA-H2F4-V4C4-6WX4

FKIE_CVE-2018-12545

Tags

Sightings

Nomenclature