Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1xeHA0LTI3dngteG1tM84AAUC0

Improper Input Validation in Jetty

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Permalink: https://github.com/advisories/GHSA-qxp4-27vx-xmm3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xeHA0LTI3dngteG1tM84AAUC0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 7 days ago

CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Identifiers: GHSA-qxp4-27vx-xmm3, CVE-2011-4461
References:

• https://nvd.nist.gov/vuln/detail/CVE-2011-4461
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72017
• http://marc.info/?l=bugtraq&m=143387688830075&w=2
• http://www.kb.cert.org/vuls/id/903934
• http://www.ocert.org/advisories/ocert-2011-003.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.ubuntu.com/usn/USN-1429-1
• https://github.com/eclipse/jetty.project/commit/085c79d7d6cfbccc02821ffdb64968593df3e0bf
• https://security.netapp.com/advisory/ntap-20190307-0004
• https://github.com/advisories/GHSA-qxp4-27vx-xmm3

Repository: https://github.com/eclipse/jetty.project
Blast Radius: 24.1

Affected Packages